Windows Analysis Report
USBRecoveryCreator.exe

Overview

General Information

Sample name: USBRecoveryCreator.exe
Analysis ID: 1529039
MD5: 23a460c02cc1b3b220ecb54cbd974a6a
SHA1: ece022c7d45ccf9afd5b72c33f1dcfc85a42c204
SHA256: dc86aed4873dbb3cef993c84533d83efc4ad35150ae32c15d22c40adbb511c43

Detection

Score: 36
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Compliance

Score: 47
Range: 0 - 100

Signatures

Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries keyboard layouts
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Stores large binary data to the registry
Uses 32bit PE files
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64_ra
  • USBRecoveryCreator.exe (PID: 7132 cmdline: "C:\Users\user\Desktop\USBRecoveryCreator.exe" MD5: 23A460C02CC1B3B220ECB54CBD974A6A)
    • msedgewebview2.exe (PID: 2268 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=7132.6416.13364086456236290218 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 5560 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffa2c568e88,0x7ffa2c568e98,0x7ffa2c568ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 2040 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1776 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:2 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 6364 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2112 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:3 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 3724 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2280 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:8 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 6468 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1728389057691406 --launch-time-ticks=5006426684 --mojo-platform-channel-handle=3368 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 5400 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1728389057691406 --launch-time-ticks=5022028320 --mojo-platform-channel-handle=4288 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Compliance

Source: USBRecoveryCreator.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: USBRecoveryCreator.exe | Static PE information: certificate valid
Source: unknown | HTTPS traffic detected: 13.215.130.214:443 -> 192.168.2.17:49712 version: TLS 1.2
Source: USBRecoveryCreator.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: unknown | TCP traffic detected without corresponding DNS query: 23.201.163.250
Source: global traffic | DNS traffic detected: DNS query: dds.lenovo.com
Source: global traffic | DNS traffic detected: DNS query: passport.lenovo.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: USBRecoveryCreator.exe | Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: classification engine | Classification label: sus36.evad.winEXE@14/96@13/122
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe | File created: C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe | Mutant created: \Sessions\1\BaseNamedObjects\Global\ControlPanel
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe | File created: C:\Users\user\AppData\Local\Temp\.net
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe | File read: C:\Users\user\Desktop\USBRecoveryCreator.exe
Source: unknown | Process created: C:\Users\user\Desktop\USBRecoveryCreator.exe "C:\Users\user\Desktop\USBRecoveryCreator.exe"
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe | Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=7132.6416.13364086456236290218
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe | Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffa2c568e88,0x7ffa2c568e98,0x7ffa2c568ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe | Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1776 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe | Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2112 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe | Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2280 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe | Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1728389057691406 --launch-time-ticks=5006426684 --mojo-platform-channel-handle=3368 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe | Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1728389057691406 --launch-time-ticks=5022028320 --mojo-platform-channel-handle=4288 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: apphelp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: dwrite.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: icu.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: cryptxml.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: webservices.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: msasn1.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: cryptsp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: rsaenh.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: cryptbase.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: gpapi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: cryptnet.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: amsi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: ntmarta.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: mscoree.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: d3dcompiler_47_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: d3d9.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: d3d10warp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: winsta.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: powrprof.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: umpdc.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: textshaping.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: dataexchange.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: d3d11.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: dcomp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: dxgi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: resourcepolicyclient.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: dxcore.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: textinputframework.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: coremessaging.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: msctfui.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: winhttp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: mswsock.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: wshunix.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: dnsapi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: schannel.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: ntasn1.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: ncrypt.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: winnsi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: edputil.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kbdus.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dsreg.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.ui.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windowmanagementapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: inputhost.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mscms.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winsta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.security.authentication.web.core.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dataexchange.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mf.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mfplat.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rtworkq.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: hevcdecoder.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dolbydecmft.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mfperfhelper.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: atlthunk.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: directmanipulation.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d10warp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.devices.sensors.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: biwinrt.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msacm32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msdmo.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmmbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mmdevapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ncryptprov.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwritecore.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: vaultcli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: aadwamextension.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: microsoftaccountwamextension.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: hevcdecoder.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: tenantrestrictionsplugin.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.web.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netprofm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: npmproxy.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.userprofile.diagnosticssettings.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wevtapi.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.diagnostics.telemetry.platformtelemetryclient.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: bitsproxy.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwmapi.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: USBRecoveryCreator.exeStatic PE information: certificate valid
Source: USBRecoveryCreator.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
Source: USBRecoveryCreator.exeStatic file information: File size 74500240 > 1048576
Source: USBRecoveryCreator.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x541c00
Source: USBRecoveryCreator.exeStatic PE information: Raw size of .rdata is bigger than: 0x100000 < 0x13ca00
Source: USBRecoveryCreator.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x194a00
Source: USBRecoveryCreator.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: USBRecoveryCreator.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: USBRecoveryCreator.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: USBRecoveryCreator.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: USBRecoveryCreator.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: USBRecoveryCreator.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: USBRecoveryCreator.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: USBRecoveryCreator.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: USBRecoveryCreator.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: USBRecoveryCreator.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: USBRecoveryCreator.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: USBRecoveryCreator.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: USBRecoveryCreator.exeStatic PE information: section name: .CLR_UEF
Source: USBRecoveryCreator.exeStatic PE information: section name: .didat
Source: USBRecoveryCreator.exeStatic PE information: section name: _RDATA
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeFile created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\WebView2Loader.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeFile created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\D3DCompiler_47_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeFile created: C:\ProgramData\Lenovo\USBRecoveryCreator\vcruntime140.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeFile created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\wpfgfx_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeFile created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\PresentationNative_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeFile created: C:\ProgramData\Lenovo\USBRecoveryCreator\msvcp140.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeFile created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\Lenovo.CertificateValidation.Native.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeFile created: C:\ProgramData\Lenovo\USBRecoveryCreator\USBComponent.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeFile created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\vcruntime140_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeFile created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\runtimes\win-arm64\native\WebView2Loader.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeFile created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\runtimes\win-x64\native\WebView2Loader.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeFile created: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\PenImc_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\USBRecoveryCreator.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Capacity FROM Win32_PhysicalMemory
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeMemory allocated: 5250000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeMemory allocated: 5480000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeMemory allocated: 8480000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeThread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeWindow / User API: threadDelayed 621
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\WebView2Loader.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\wpfgfx_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeDropped PE file which has not been started: C:\ProgramData\Lenovo\USBRecoveryCreator\vcruntime140.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\PresentationNative_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeDropped PE file which has not been started: C:\ProgramData\Lenovo\USBRecoveryCreator\msvcp140.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\Lenovo.CertificateValidation.Native.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeDropped PE file which has not been started: C:\ProgramData\Lenovo\USBRecoveryCreator\USBComponent.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\vcruntime140_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\runtimes\win-arm64\native\WebView2Loader.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\runtimes\win-x64\native\WebView2Loader.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\PenImc_cor3.dll
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe TID: 3088Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe TID: 3088Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe TID: 3088Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe TID: 3088Thread sleep time: -100000s >= -30000s
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe TID: 3088Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Default\blob_storage\09dd40c7-9998-4598-b0ef-63466da43b13 FullSizeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeThread delayed: delay time: 30000
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeThread delayed: delay time: 100000
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess queried: DebugPort
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeProcess token adjusted: Debug
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeMemory allocated: page read and write | page guard
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffa2c568e88,0x7ffa2c568e98,0x7ffa2c568ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1776 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2112 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2280 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1728389057691406 --launch-time-ticks=5006426684 --mojo-platform-channel-handle=3368 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView" --webview-exe-name=USBRecoveryCreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1728389057691406 --launch-time-ticks=5022028320 --mojo-platform-channel-handle=4288 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=MojoIpcz /prefetch:1
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=usbrecoverycreator.exe --webview-exe-version=4.0.20 --user-data-dir="c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=mojoipcz --mojo-named-platform-channel-pipe=7132.6416.13364086456236290218
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffa2c568e88,0x7ffa2c568e98,0x7ffa2c568ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview" --webview-exe-name=usbrecoverycreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1776 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=mojoipcz /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview" --webview-exe-name=usbrecoverycreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2112 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=mojoipcz /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview" --webview-exe-name=usbrecoverycreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --mojo-platform-channel-handle=2280 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=mojoipcz /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview" --webview-exe-name=usbrecoverycreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1728389057691406 --launch-time-ticks=5006426684 --mojo-platform-channel-handle=3368 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=mojoipcz /prefetch:1
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\desktop\usbrecoverycreator.exe.webview2\ebwebview" --webview-exe-name=usbrecoverycreator.exe --webview-exe-version=4.0.20 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --disable-nacl --disable-gpu-compositing --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1728389057691406 --launch-time-ticks=5022028320 --mojo-platform-channel-handle=4288 --field-trial-handle=1704,i,8617214639063220539,344246526903938846,262144 --enable-features=mojoipcz /prefetch:1
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeuisl.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\Trust Protection Lists\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\Desktop\USBRecoveryCreator.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\MEIPreload\preloaded_data.pb VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\USBRecoveryCreator.exe | Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Query Registry | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Modify Registry | LSASS Memory | 23 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Disable or Modify Tools | Security Account Manager | 162 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 162 Virtualization/Sandbox Evasion | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 34 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

Source | Detection | Scanner | Label | Link
USBRecoveryCreator.exe | 5% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\ProgramData\Lenovo\USBRecoveryCreator\USBComponent.dll | 0% | ReversingLabs | |
C:\ProgramData\Lenovo\USBRecoveryCreator\msvcp140.dll | 0% | ReversingLabs | |
C:\ProgramData\Lenovo\USBRecoveryCreator\vcruntime140.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\D3DCompiler_47_cor3.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\Lenovo.CertificateValidation.Native.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\PenImc_cor3.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\PresentationNative_cor3.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\WebView2Loader.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\runtimes\win-arm64\native\WebView2Loader.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\runtimes\win-x64\native\WebView2Loader.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\vcruntime140_cor3.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\.net\USBRecoveryCreator\1bdc\wpfgfx_cor3.dll | 0% | ReversingLabs | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | unknown
dds.lenovo.com | 13.215.130.214 | true | false | | unknown
www.google.com | 142.250.186.68 | true | false | | unknown
passport.lenovo.com | unknown | unknown | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.186.68 | www.google.com | United States | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false
142.250.176.196 | unknown | United States | 15169 | GOOGLEUS | false
142.250.65.174 | unknown | United States | 15169 | GOOGLEUS | false
216.58.206.72 | unknown | United States | 15169 | GOOGLEUS | false
13.107.21.239 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
104.102.20.239 | unknown | United States | 16625 | AKAMAI-ASUS | false
13.107.42.16 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
142.250.80.67 | unknown | United States | 15169 | GOOGLEUS | false
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
142.250.65.227 | unknown | United States | 15169 | GOOGLEUS | false
13.215.130.214 | dds.lenovo.com | United States | 16509 | AMAZON-02US | false
23.201.163.250 | unknown | United States | 16625 | AKAMAI-ASUS | false
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
142.250.186.99 | unknown | United States | 15169 | GOOGLEUS | false
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1529039
          Start date and time:2024-10-08 15:26:40 +02:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:28
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Sample name:USBRecoveryCreator.exe
          Detection:SUS
          Classification:sus36.evad.winEXE@14/96@13/122
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
          • Excluded IPs from analysis (whitelisted): 104.102.20.239, 13.107.42.16, 142.250.186.99, 216.58.206.72
          • Excluded domains from analysis (whitelisted): fs.microsoft.com
          • Not all processes where analyzed, report is missing behavior information
          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
          • Report size getting too big, too many NtDeviceIoControlFile calls found.
          • Report size getting too big, too many NtEnumerateValueKey calls found.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.
          • VT rate limit hit for: USBRecoveryCreator.exe
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:Zip archive data, at least v2.0 to extract, compression method=store
          Category:modified
          Size (bytes):5048993
          Entropy (8bit):7.998646744279036
          Encrypted:true
          SSDEEP:
          MD5:5579924E216E6338A505101AB5AA8027
          SHA1:F65FCCC0E0712F6411D0018698961A30EE67A897
          SHA-256:91D28B9070309FC7AAD9F5871FEC914462440414A1373B6873F85FB2168E2783
          SHA-512:B981C63CA62E13141FA4F60A34E478B61BAD342D74F1F85806CD9021FD5C8BBAAB4D6D7EC661D62140FF5CD9B58CC1B7A41E2551D2141771CA0C07F0E1065C1D
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
          Category:dropped
          Size (bytes):911
          Entropy (8bit):3.544734095128017
          Encrypted:false
          SSDEEP:
          MD5:C4711B26E28C6CCD711DA715EA6696B5
          SHA1:7B79E3AF6D3499ECA004E939E75B57AD6C7D00FF
          SHA-256:34901C4DE00478CB615C34CF48CF9D255B10B2F35A24400C6D7A9B302FA923C2
          SHA-512:82793C3F37CFBA8264D30F9B47B675576322BCE15BD86E0F80958A3C731D8F11BE8E7A210F633CBA24321420E12E84C1017E08920377B17E6F785F41075A6837
          Malicious:false
          Reputation:unknown
          Preview:.{.. "DefaultMaskValue": "#",.. "ConfigurationValue": [.. {.. "id": 1,.. "XmlMask": {.. "MaskValue": "#",.. "IsFullMasking": false,.. "Sensitivity": [.. {.. "TargetProperties": [.. "Password",.. "password",.. "PASSWORD".. ],.. "Positions": {.. "Left": 1,.. "Center": 1,.. "Right": 1.. }.. }.. ].. },.. "JsonMask": {.. "MaskValue": "#",.. "IsFullMasking": false,.. "Sensitivity": [.. {.. "TargetProperties": [.. "Password",.. "password",.. "PASSWORD".. ],.. "Positions": {.. "Left": 3,.. "Center": 3,.. "Right": 3.. }.. }.. ].. }.. }.. ]..}
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:Unicode text, UTF-8 text, with very long lines (755), with CRLF line terminators
          Category:dropped
          Size (bytes):94420
          Entropy (8bit):5.188380685218441
          Encrypted:false
          SSDEEP:
          MD5:0339F8FC3E6CFC8341739DE50AAC0A98
          SHA1:3B8BC7E2AD9D7E8BF03F08CCE9EEA9CFD3AD8F4F
          SHA-256:C4822AE881BF9FCEE59201CE4CEC45B2E0C02ED57E413D8F5D77B1751BC26A00
          SHA-512:EEE4883785BFCA34810BE26522BA294EC9AC83EB77C434B3CE9455C1900C43EA68EB35DF69B0FB0C12467FCD7D3ADD1BA44E09093B32B238F93DA8CC7194664D
          Malicious:false
          Reputation:unknown
          Preview:Third-Party Software for Digital Download Recovery Service (DDRS) (exe), v4.0.xx....The following 3rd-party software packages may be used by or distributed with Digital Download Recovery Service (DDRS) exe package. Any information relevant to third-party vendors listed below are collected using common, reasonable means.....Date generated: 2024-1-18..Revision ID: 9fe37d496db81e9112bcbfa189f6a8340bf0ef5b..--------------------------------------------------------------------------------..Package Title: JSanitizer (3.0.1)..--------------------------------------------------------------------------------....* Declared Licenses *..MIT....Copyright (c) Copyright (c) 2020 by Joever Monceda....Permission is hereby granted, free of charge, to any person obtaining a copy..of this software and associated documentation files (the "Software"), to deal..in the Software without restriction, including without limitation the rights..to use, copy, modify, merge, publish, distribute, sublicense, and/or sel
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
          Category:dropped
          Size (bytes):179472
          Entropy (8bit):6.415661387821956
          Encrypted:false
          SSDEEP:
          MD5:1409131E6569C2CB218B2A49AE0D1B1B
          SHA1:606E707DE959ACE800585AAB9E858B87BB92A7A7
          SHA-256:84FCEB783037C2B8A2A3059EBC76D8CAEA7F075AF9BB282D089FFBC199ED9598
          SHA-512:3E6807470392177F31F50C4003F299288F3E1676555086AABB1B12F1CA19A423AC770DE561D7DAFBD83AB7CC55A03423C68E22BECB2F822F9208252CF7A55980
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):448408
          Entropy (8bit):6.693790505404224
          Encrypted:false
          SSDEEP:
          MD5:DC739066C9D0CA961CBA2F320CADE28E
          SHA1:81ED5F7861E748B90C7AE2D18DA80D1409D1FA05
          SHA-256:74E9268A68118BB1AC5154F8F327887715960CCC37BA9DABBE31ECD82DCBAA55
          SHA-512:4EB181984D989156B8703FD8BB8963D7A5A3B7F981FE747C6992993B7A1395A21F45DBEDF08C1483D523E772BDF41330753E1771243B53DA36D2539C01171CF1
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):90520
          Entropy (8bit):6.936349345750277
          Encrypted:false
          SSDEEP:
          MD5:1D4FF3CF64AB08C66AE9A4013C89A3AC
          SHA1:F9EE15D0E9B0B7E04FF4C8A5DE5AFCFFE8B2527B
          SHA-256:65F620BC588D95FE2ED236D1602E49F89077B434C83102549EED137C7FDC7220
          SHA-512:65FBD68843280E933620C470E524FBA993AB4C48EDE4BC0917B4EBE25DA0408D02DAEC3F5AFCD44A3FF8ABA676D2EFF2DDA3F354029D27932EF39C9FDEA51C26
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):2278
          Entropy (8bit):3.850625322628129
          Encrypted:false
          SSDEEP:
          MD5:3D419D146B0D2B1123313748355FBC19
          SHA1:7BFA8EC790E35741CFD0B2ECBE75A6AECAFEF9EC
          SHA-256:469F05C3C533EF0E18E197DD8D86B83F40689A3EEC17BF81410EDBA5356B6F7B
          SHA-512:62A679AE7A1BA1D4D737D119678922BFB0C54EB5B08A70B911B6D1783B63F25D2693638E9D420EFC2A09FD36E73D70D4954618F9B63DB6B7531711FACD8F0FFE
          Malicious:false
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):2684
          Entropy (8bit):3.912879467044931
          Encrypted:false
          SSDEEP:
          MD5:E5F7DD6C3057938E27CF99C32D680EF3
          SHA1:423A0D2D7C87F9A87A92EF0DEEAE27CD8BF8D692
          SHA-256:70D88C6F293291BCFCFA557BE52B03C49503D8F452E184CE71B97682F0A0DF68
          SHA-512:94910140657C36A56D205718AD8C2D18597452237C59F89C46772F2073E1ED8C8E980A373C0FFD17A4C848BB59B34B6B39B471C23A1973EA1F5F318C3A728577
          Malicious:false
          Reputation:unknown
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):4127200
          Entropy (8bit):6.577665867424953
          Encrypted:false
          SSDEEP:
          MD5:3B4647BCB9FEB591C2C05D1A606ED988
          SHA1:B42C59F96FB069FD49009DFD94550A7764E6C97C
          SHA-256:35773C397036B368C1E75D4E0D62C36D98139EBE74E42C1FF7BE71C6B5A19FD7
          SHA-512:00CD443B36F53985212AC43B44F56C18BF70E25119BBF9C59D05E2358FF45254B957F1EC63FC70FB57B1726FD8F76CCFAD8103C67454B817A4F183F9122E3F50
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):308120
          Entropy (8bit):6.5270976270211145
          Encrypted:false
          SSDEEP:
          MD5:7DDEAD2E0D92DAAEAE6AB4F21CA7A531
          SHA1:2CDEB0159EE506A1E8C8AE83DC748B04029231DD
          SHA-256:A6F1860F33E317A81C709B148B4092C3A8CEE32B22B4EA0CE1516CE5F78E7BAE
          SHA-512:763EAEC945C6C278F8FC9A99A41DD70AF8E43E3520BEB22CCB03386AE05B4086B3CDE8C2029EDEBE32222A87AFC2B8CA4489A1CE8575DA19A83043CF7F59E12D
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):145584
          Entropy (8bit):6.44368804805963
          Encrypted:false
          SSDEEP:
          MD5:0E923198D6660D145829396114559AAF
          SHA1:40D1305B74DD87E436B0926ED932170F4DF6528E
          SHA-256:D81A2D6FE9AB98CCEABE0C69733354C5A2FAB9C6C0504AFD71BDFBFA3F6F105A
          SHA-512:BBAB38BA02C6FC4846B8A9540B0296CA16C59210E1FD9C1EE8D44A04E86C89E0FC07DA25A61FAF2DC62769F25B3702F35CFA024CFFA45D5D7CF8E386250F3579
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):945840
          Entropy (8bit):6.31976158432139
          Encrypted:false
          SSDEEP:
          MD5:30B4AB45B16937BE431DA52F18FB289A
          SHA1:EF9E3ABAF5B11FF27D5756E178E404F77BA2074C
          SHA-256:BEAF19CCB4038490860311B33749111D452D5AF87287597C3CB232F7275E6BF7
          SHA-512:7E6E580200A4ACE2553A546F61517E67ED83083066CB1D78497DE49CAA9CBB6041B44035C855FC8D7FCD5EBC674639B1D4E3E0394B7073809CB0F63FDD78FFC2
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):115624
          Entropy (8bit):6.470572997559548
          Encrypted:false
          SSDEEP:
          MD5:578B9A2D5BAA0DC780BD20B7D68F3E7D
          SHA1:C17A61599736E5C5FA344251E7757C239FAB5094
          SHA-256:75EC3D7FAAF3F8A7E390D229678CF54C606F3DC2312C00531C58406D90F93156
          SHA-512:A052A9DBD606EF94847FDC6102BAA4E4F24120FCF3E53C4E6DD7D9AAB5F120C40C4B33080808B25076D463854DBC055350AA2629D1DBC060288D48A38642B90C
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:PE32+ executable (DLL) (console) Aarch64, for MS Windows
          Category:dropped
          Size (bytes):135656
          Entropy (8bit):6.08860710021013
          Encrypted:false
          SSDEEP:
          MD5:F88D5949A163BDBB67E0658B9E67CCE0
          SHA1:18357C24AB8B5B5EC735826A30B606C032F09F4D
          SHA-256:9D47338D5F8DDE0C524E61C9A8A8461EB51D930B795AC4FBE0D1D73D8BFEC790
          SHA-512:FD22FB91114E3FC2A4B6A633DDC4A0BCEBE3ED127DF68733E6472F395E59B0077254EB442B4607C62CECCE358275540933C7B5111032553A0E4F76C43AA89FC5
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
          Category:dropped
          Size (bytes):160184
          Entropy (8bit):6.183536777437394
          Encrypted:false
          SSDEEP:
          MD5:211EB02C92C5067CD404DA51E268578E
          SHA1:19A56B61FB0BB5E276BDE08E427CB59BF7507EF2
          SHA-256:3AB69D8EF2D1A9C6299D760E86D9D0C3E418B834F96B8FE48623F9673CE6B4E2
          SHA-512:E151D34DD355A908D33F366EC08F8F47118E62E0AD3F8E8D53AA34D104EE6372FC73901D72C366C9F5787983EA0A6B2AE27D151E0771FA90E2AFAEFFC32F672B
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):90520
          Entropy (8bit):6.94127019484021
          Encrypted:false
          SSDEEP:
          MD5:D0759E488C49C192B57500ECDBB1F923
          SHA1:8473188B99A665D0F42047843DB4BCECF2906A1C
          SHA-256:F2C1FCB7D47B05476BF2579B8CD21197475D85D1502B7363CDF1DC4748D7780E
          SHA-512:551947BB30E745D001A9084E51D610F1E2D20B07576922BE96851496E8121807355777E4DE363BF2E016BE8C3E7753A2F03E8BC5BE96B1F419728494F7722DBC
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Users\user\Desktop\USBRecoveryCreator.exe
          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
          Category:dropped
          Size (bytes):1804976
          Entropy (8bit):6.558105251240892
          Encrypted:false
          SSDEEP:
          MD5:9FA58C3DE101CFD358369DD9258C2630
          SHA1:D278BCCF58B98BFED5F8312AE1CE905483A9FBC7
          SHA-256:F0E980AEC96D8143FAFB688C5DC853E5DE08AB5DCE175267273D975A18F494F6
          SHA-512:1537E5E9E9FC31CF5093A57C56CBDDC58F5CB4CAD16414C47EEBE98C25B592F81B6CE1CD7B3100A8011AB940E4426450A76C3C2DF5F503BAA0CCE1039D27B96A
          Malicious:false
          Antivirus:
          • Antivirus: ReversingLabs, Detection: 0%
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):16243
          Entropy (8bit):6.072353008075773
          Encrypted:false
          SSDEEP:
          MD5:4CCD2DAE33A28289FCC319243D916993
          SHA1:31AE79E608234CEC1FAA43C2007169F3BEA9F0AD
          SHA-256:DC02E0D2D93AF6E7041C542C236C43542B02BAAECA4C8565B687400D96F9A89D
          SHA-512:D4CE7967FD2691C50EC2DCB7356F2C8285991359BFD8081EC2CCC5032939E438ECDEB94A540A4083E2B3623C0022E88A7FEC3DD0870A8F3DDB3F3B645E78CB56
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:modified
          Size (bytes):17477
          Entropy (8bit):6.067214133779568
          Encrypted:false
          SSDEEP:
          MD5:7F179D69BE1ED6446AD473774CA57BB3
          SHA1:8A650BA78D96B4DF14F4078F8360D829873888B1
          SHA-256:6F9A6E90E638B5D02C5B343816078071CCBE2C2F3E944924ECF910EEC0F2BD59
          SHA-512:BDCE31FB29F88147F30531D14117C66C818F4EA312501710E3F3B1DB8475A2E3BFF8B1C067325B0674FCA7EBE7965F28569F3DCED277473D57BF44B2FF1B318C
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2054
          Entropy (8bit):5.457602145833757
          Encrypted:false
          SSDEEP:
          MD5:EC9FB98E09213B4192667AEC3BF65030
          SHA1:BD90138B52FD593C4071EF31846F71F9CCCF5B2E
          SHA-256:A6B85B2EF370772DDD78A2C33906AE7A5F48BADBB9859D2B2FC1091445594911
          SHA-512:B453388E5F2A18E593092EBF74400C840E9CE8C2DA23A3C301264E09F432FAE4887923CA6FF19FF5B8F5B4973DB1DC4C0AFC17DC50E486689093909E80B8C3F2
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2901
          Entropy (8bit):5.29175198715765
          Encrypted:false
          SSDEEP:
          MD5:68752F2B25C2F42CB78D661505E9DEDB
          SHA1:BA8189AFF0C1353791E66C11DD466AF322AC5FA1
          SHA-256:AE70F7B92BED8CD0FFCFE3C217416BCE786D56AA144D53D9602256A080020869
          SHA-512:4B6D240E432C738A6D44E35CBC3BA01F8309DC39572BF4C42710748BD2C06A9B6FD76FE6738745D31559D3DB2C74E8A8D0E03EB1523112831307E961DCD4630C
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):951
          Entropy (8bit):5.697368202273589
          Encrypted:false
          SSDEEP:
          MD5:89EB698BF8E2FF9024256FC2C30D1B69
          SHA1:AAF98715F404B15C09ED83ED325433FA248E6EC1
          SHA-256:94666DF8A2277980093A40F94405624B7E3B07DE81EC439806760312B74408E5
          SHA-512:2EBD58432DDB8EDE172EC85FC791F114E8D1B06AA7BC8E4AD7CE5CC0E08571070B378A970B1C8C4F6E015A5526DBC05574BFBD7F69DD7F25764D69A9BC871433
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:1045BFD216AE1AE480DD0EF626F5FF39
          SHA1:377E869BC123602E9B568816B76BE600ED03DBD0
          SHA-256:439292E489A0A35E4A3A0FE304EA1A680337243FA53B135AA9310881E1D7E078
          SHA-512:F9F8FCC23FC084AF69D7C9ABB0EF72C4684AC8DDF7FA6B2028E2F19FD67435F28534C0CF5B17453DFE352437C777D6F71CFE1D6AD3542AD9D636263400908FD2
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):1310720
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:1045BFD216AE1AE480DD0EF626F5FF39
          SHA1:377E869BC123602E9B568816B76BE600ED03DBD0
          SHA-256:439292E489A0A35E4A3A0FE304EA1A680337243FA53B135AA9310881E1D7E078
          SHA-512:F9F8FCC23FC084AF69D7C9ABB0EF72C4684AC8DDF7FA6B2028E2F19FD67435F28534C0CF5B17453DFE352437C777D6F71CFE1D6AD3542AD9D636263400908FD2
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):280
          Entropy (8bit):1.8873942837026088
          Encrypted:false
          SSDEEP:
          MD5:B362A2DDCA7BCC429F85732AD18F8D0C
          SHA1:C380CD7A0B8417D1F71B7D67AF5B7DAECCD11DDE
          SHA-256:7FD60A879705499187E2BDC436CC02F482872E3DA0BE2B9F7C3B0F83F2B4C321
          SHA-512:7447FBB3BABF99CA612117F64EA4B7A7B518AAC1B6D771CAD5F22F17B45AF8DF8852AD396434358DF74F0CB1EC90D7E44ABEEA63CB2DC65046E832AD11AFC265
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):20
          Entropy (8bit):3.6219280948873624
          Encrypted:false
          SSDEEP:
          MD5:9E4E94633B73F4A7680240A0FFD6CD2C
          SHA1:E68E02453CE22736169A56FDB59043D33668368F
          SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
          SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
          Malicious:true
          Reputation:unknown
          Preview:level=none expiry=0.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):6780
          Entropy (8bit):5.580537754134039
          Encrypted:false
          SSDEEP:
          MD5:D3BD083AE860BFF58108E02506E8036A
          SHA1:F40BEB2380ABEA716B152271146AE8AEE95ACA12
          SHA-256:D321FA3A221CCF9D9B5CAC2C2C482D1FA7C2CD1310ED2B0CF68C46E6D569EFDF
          SHA-512:7514735B049C058596A2952E45B0231079D48EFED04B2E209536EADDFC09A6BB25A19CCC31263E44CE1E56D053D2A2DBE3779C9CAF4E666183381F98EC092B2D
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):6495
          Entropy (8bit):4.859838656668776
          Encrypted:false
          SSDEEP:
          MD5:4BE9C98868B4D0FDEB8860D08F23BEB0
          SHA1:DFCBE5FFA9E8823A58DA4CF8FD502F840F628149
          SHA-256:63F148A52554E9E93AB0B39DD32F0D0BDB67400249DD7707450E5ED61D57B691
          SHA-512:82990C622959AAB505E5ADEB714ECC1EFAC2A77527C0A495E0464C25B5901D0367FC72FBF1679FBFF0C36B58EDB4519E1342833E55A606C2E0CC04DBB6583FF4
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):5905
          Entropy (8bit):4.836106496442749
          Encrypted:false
          SSDEEP:
          MD5:9DD6A6BD1DD6A27926C5C79632E2FB81
          SHA1:F27434772650DEF195C12D54D23EC0795CCF8FB1
          SHA-256:9612BD8C8086809980F32A9B09B119BDE5A41C4A820D75D84C83E4FB433B1A2B
          SHA-512:CCDC68A67AB3043353372B8CDB1BA92B204B7ECF96B560CB3D4E3BF49352B5C17FDD5E57819CA0EC9E9F773C7E1053FA159A6E94F98141D1046F28809198F5C1
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):6393
          Entropy (8bit):4.856830977544024
          Encrypted:false
          SSDEEP:
          MD5:5E7BD5882CB8CEBA5298CD4B52E7D6D3
          SHA1:965BEAC70B1603665D6CD2576F3C56DB954A3C01
          SHA-256:AC8A7BDC584B69D8EC890666B053163C8D7A7BE5E631F71F91B4EDD1D8C541D6
          SHA-512:E3D4063360C128BD443BCE59A228813559DF9737A4456C21E1DDA1F05DF859D318E4DB0519102CF36AD8424D064FDEE1E9EB19B2275659A0D3433989B7583258
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):45056
          Entropy (8bit):0.25265355233628506
          Encrypted:false
          SSDEEP:
          MD5:7BF753226EE1B489D572E727E812B7AF
          SHA1:52C499EC7826E83BFB39F315E872487B58B96D98
          SHA-256:590D455B21A90DF6EF8F7B76969F69BB3E64F520BCC5CC84AEA47AC91AC8C40D
          SHA-512:4D6F31F9884F1B77DC23ED0C1DC702BE3295763D9C617859C64CDAF2B86519573415D1220A7B6AE4130B481514D53E7DDB04C120B66CC3B98B1D6A9F6772F6B9
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):270336
          Entropy (8bit):0.5043132015940609
          Encrypted:false
          SSDEEP:
          MD5:02A9BCCC686D7FE00DE5BD00F67CE5E5
          SHA1:401514F9BDE5DEDEFD79BC6512E1F1D46A212DAD
          SHA-256:757423D3128D8EEA3A27A6615B18F321E92F30262988ABAEBBF85B4A67E30442
          SHA-512:C6AF407FA7E8C8536611AB95871422FBB21F5E48538ADA4A3C481D5BEBA06457F4AE35CDEDB88FB85228EB51B303FA7E837AEB98DDCD3BDA5978DCE2BED90387
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):1056768
          Entropy (8bit):0.4660234612505231
          Encrypted:false
          SSDEEP:
          MD5:D9254FEEB659A48420656CD0EBB5DD92
          SHA1:5BAC44B3895E6E5B6C849C94408B99A2FCBF4F8E
          SHA-256:392450656378B6CEDD69F27A55B6F2AFBB59D0748C8E9F73849065F03CEA24B4
          SHA-512:B7C31F145AFFD56EA8B446235AD9F351A78D93833F29F713138F4B779262020160145EC63CDB675661A61212E051A078AD4E2E320D24E7F9E40245843A699D9A
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):4202496
          Entropy (8bit):0.596348794073559
          Encrypted:false
          SSDEEP:
          MD5:DEBFFB4F2BC82C06216D986A68DD4E01
          SHA1:7D257E19867E7A87BBA7D245DDEB4E9B4C74EEC8
          SHA-256:347EB4250C44803BFAE0005259095AB67459D2319521231276D3543FB29F7F7C
          SHA-512:99751A81AC09780CF795FE5255D74E7FA28A1B252CBEDFDA855FF26C80E09403718EC6BD81396ECE9F680A3C8EE46911F29575AE360775E33B8B19D34CC1D49F
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:Unicode text, UTF-8 text, with very long lines (49130), with no line terminators
          Category:dropped
          Size (bytes):49132
          Entropy (8bit):5.2263689873475805
          Encrypted:false
          SSDEEP:
          MD5:52BFF3AB2DB3521CD149ACEA0998ED86
          SHA1:7E698B61B1F006F607B743496C83A3D5EAF5563C
          SHA-256:4156C1FFAB188843402933EE546A982822249B6F9E0EA099DAEF4198C527FB8E
          SHA-512:2D44E1A15A96A77A2F705427E4D5787B81C2DAA82A46DC1D067506184EFD999A1D0ED6E7720EB04BE74C0BA720F3A483073382AD2D2FD7DF3B76E873AF28953B
          Malicious:true
          Reputation:unknown
          Preview:@charset "utf-8";*,table{padding:0;margin:0}.userAccount .account-info,table{word-break:break-all}em,i,li,ol,span,ul{list-style:none}body,button,input,select{font-family:Lato-Bold,SegoeUI Light,Microsoft YaHei!important}em,i,span{display:inline-block}body,textarea{overflow:auto}a,abbr,acronym,address,applet,article,aside,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,em,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,object,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{margin:0;padding:0;border:0;vertical-align:baseline;word-wrap:break-word}.checkbox_btn,.pswStrength span,img{vertical-align:middle}table{border-collapse:collapse;border-spacing:0;border:0;word-wrap:break-word}button,input,select{font-size:inherit;font-weight:inherit;-webkit-box-sizing:border-box}article,aside,detai
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with very long lines (3396)
          Category:dropped
          Size (bytes):213738
          Entropy (8bit):5.537081313027966
          Encrypted:false
          SSDEEP:
          MD5:B135DEEDEB61379B48ADBB6A0D48899F
          SHA1:D86D028408810D034CAD391C6EBD957F29446FF3
          SHA-256:59C6BDBD8A261A61565BADF70310D01041F674CA70D0B8CE3F30D07F9A72938B
          SHA-512:0FFCF5E55DFAB2D210C5C37054164D61F07ED41F3B7B2DF498647E40755A8FBCF96494602CB9DDDFD2E82CDD48C880379137A4342313FC9D8147100876ED3C2C
          Malicious:true
          Reputation:unknown
          Preview:.// Copyright 2012 Google Inc. All rights reserved.. . (function(w,g){w[g]=w[g]||{};. w[g].e=function(s){return eval(s);};})(window,'google_tag_manager');. .(function(){..var data = {."resource": {. "version":"5",. . "macros":[{"function":"__e"},{"function":"__jsm","vtp_javascript":["template","(function(){if(window.performance\u0026\u0026window.performance.getEntriesByType){var a=window.performance.getEntriesByType(\"navigation\");if(0\u003Ca.length)return a=a[0],a=a.loadEventEnd-a.startTime,Math.round(a\/100)\/10}})();"]},{"function":"__jsm","vtp_javascript":["template","(function(){var a=new URLSearchParams(window.location.search);return a=a.get(\"lenovoid.realm\")})();"]},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":false,"vtp_name":"timing.page_load_time"},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":false,"vtp_name":"timing.page_download_time"},{"function":"__v","vtp_dataLayerVersion":2,"vtp_setDefaultValue":false,"vtp_name":"timing.dns_
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with very long lines (5945)
          Category:dropped
          Size (bytes):302013
          Entropy (8bit):5.575008771882825
          Encrypted:false
          SSDEEP:
          MD5:DF535209955B44D75F3A39AD0D69F240
          SHA1:E84C43353BCADD580086958AFC06B0979785F36C
          SHA-256:A3F71B3CDC20A58E0BFE6A4264EA53DDC3CE287CA78EE0AA6BC96245C9135B81
          SHA-512:FE6D6E2D56F3D0E0EB74F7579F2E873D2F3657DE538EC485B00B59114C5D730981034A5E2FC76B4F6E70C73128F382DBE97A420F96A05F2A5373310E9159844C
          Malicious:true
          Reputation:unknown
          Preview:.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":12,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regionValue":"","vtp_countryValue":"",
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:Unicode text, UTF-8 text, with very long lines (51681), with no line terminators
          Category:dropped
          Size (bytes):51737
          Entropy (8bit):5.709022809150113
          Encrypted:false
          SSDEEP:
          MD5:79E631B90D9C8B6F69DD6DB79318C60A
          SHA1:7FA7539342C718F5A4A1C7F3BE221DE6728F0E72
          SHA-256:5633044BF2D6828B04B980E8C7706A320E4485865C337BEAE5AD9D5D0AD945D2
          SHA-512:CA1CFBAB142BC2E6C37DEDF674874896301F9DBC826D3F14F65D1EC1086068A690E17D8F72F3E2BCD1CFF695D09D1DEF2F0F5DB2C1F089902B2AD4C89CAEA9E4
          Malicious:true
          Reputation:unknown
          Preview:!function(t,e){"object"==typeof exports?module.exports=exports=e():"function"==typeof define&&define.amd?define([],e):t.CryptoJS=e()}(this,function(){var F,P,L,l,t,W,O,I,U,K,j,Z,T,X,N,V,q,G,J,Y,Q,t1,e,i1,r1,n1,o1,n,s,a,o,c,h,f,s1,a1,c1,h1,i,l1,d,f1,d1,u1,r=function(h){var r;if(!(r=!(r=!(r="undefined"!=typeof window&&window.crypto?window.crypto:r)&&"undefined"!=typeof window&&window.msCrypto?window.msCrypto:r)&&"undefined"!=typeof global&&global.crypto?global.crypto:r)&&"function"==typeof require)try{r=require("crypto")}catch(r){}var i=Object.create||function(t){return e.prototype=t,t=new e,e.prototype=null,t};function e(){}var t={},n=t.lib={},o=n.Base={extend:function(t){var e=i(this);return t&&e.mixIn(t),e.hasOwnProperty("init")&&this.init!==e.init||(e.init=function(){e.$super.init.apply(this,arguments)}),(e.init.prototype=e).$super=this,e},create:function(){var t=this.extend();return t.init.apply(t,arguments),t},init:function(){},mixIn:function(t){for(var e in t)t.hasOwnProperty(e)&&
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with very long lines (22564), with no line terminators
          Category:dropped
          Size (bytes):22564
          Entropy (8bit):4.914327749178371
          Encrypted:false
          SSDEEP:
          MD5:DBFDFA2CBAF33B4D0C60FA6E1C4110B7
          SHA1:127DB9A228A8E76FEE70D2E7F2FCD39FA06785FE
          SHA-256:66F30386AE24AF26C5312BF4AC55B61EC74AF844EA5C58DEEF1C6D41AA40D3F6
          SHA-512:1FD77B43503C48D66EE4B101F22588DC9AA9FB9818FEC4BBAF388C40FD0B37E023A0656F07F768C439E7A84CE05FAF55F3E94BFDD5823A1616CF9E638184BB26
          Malicious:true
          Reputation:unknown
          Preview:var weekPswTab=[{password:"Usuckballz1"},{password:"Soso123aljg"},{password:"Mailcreated5240"},{password:"fuck_inside"},{password:"Passw0rd"},{password:"8J4yE3Uz"},{password:"Password1"},{password:"Turkey50"},{password:"1Passwor"},{password:"Sojdlg123aljg"},{password:"Passwor1"},{password:"PolniyPizdec0211"},{password:"7uGd5HIp2J"},{password:"vSjasnel12"},{password:"Michael1"},{password:"Good123654"},{password:"sasha_007"},{password:"Kordell1"},{password:"Misfit99"},{password:"Letmein1"},{password:"Password123"},{password:"Trustno1"},{password:"Welcome1"},{password:"5Wr2i7H8"},{password:"Jordan23"},{password:"Mustang1"},{password:"55BGates"},{password:"Aa123456"},{password:"Qwerty123"},{password:"3rJs1la7qE"},{password:"Groupd2013"},{password:"Charlie1"},{password:"Madala11"},{password:"1Michael"},{password:"1234567aA"},{password:"L58jkdjP!"},{password:"Gandalf1"},{password:"rt6YTERE"},{password:"P@ssw0rd"},{password:"x72jHhu3Z"},{password:"William1"},{password:"Russian7"},{password:"J
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:C source, Unicode text, UTF-8 text, with very long lines (28643), with no line terminators
          Category:dropped
          Size (bytes):28649
          Entropy (8bit):5.56467374089227
          Encrypted:false
          SSDEEP:
          MD5:BA7C8185E0047874007C17C3A6B90D16
          SHA1:D001ADD245EF15327F915C50301E92549A589ACD
          SHA-256:5C2BB365B4912F2B31BBD39035BFC12C0AF526ADD71F6E8CC8F21BDED38B1250
          SHA-512:A4386083FA173748E68ED6BE9253D48BD32C8120168E25DF369CFD97291549248791D0BB4F61DEC5B36CD093F2E9E08EFFAA1E5F806DABD01CFD38636D9CABEC
          Malicious:true
          Reputation:unknown
          Preview:!function(e,t){"undefined"!=typeof window&&"function"==typeof define&&define.amd?define(t):"undefined"!=typeof module&&module.exports?module.exports=t():e.exports?e.exports=t():e.Fingerprint2=t()}(this,function(){function d(e,t){e=[e[0]>>>16,65535&e[0],e[1]>>>16,65535&e[1]],t=[t[0]>>>16,65535&t[0],t[1]>>>16,65535&t[1]];var a=[0,0,0,0];return a[3]+=e[3]+t[3],a[2]+=a[3]>>>16,a[3]&=65535,a[2]+=e[2]+t[2],a[1]+=a[2]>>>16,a[2]&=65535,a[1]+=e[1]+t[1],a[0]+=a[1]>>>16,a[1]&=65535,a[0]+=e[0]+t[0],a[0]&=65535,[a[0]<<16|a[1],a[2]<<16|a[3]]}function g(e,t){return 32==(t%=64)?[e[1],e[0]]:t<32?[e[0]<<t|e[1]>>>32-t,e[1]<<t|e[0]>>>32-t]:[e[1]<<(t-=32)|e[0]>>>32-t,e[0]<<t|e[1]>>>32-t]}function h(e,t){return 0==(t%=64)?e:t<32?[e[0]<<t|e[1]>>>32-t,e[1]<<t]:[e[1]<<t-32,0]}function f(e){return e=T(e,[0,e[0]>>>1]),e=m(e,[4283543511,3981806797]),e=T(e,[0,e[0]>>>1]),e=m(e,[3301882366,444984403]),T(e,[0,e[0]>>>1])}function l(e,t){for(var a=(e=e||"").length%16,n=e.length-a,r=[0,t=t||0],i=[0,t],o=[0,0],l=[0,0],s=
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:Unicode text, UTF-8 text, with very long lines (25453), with no line terminators
          Category:dropped
          Size (bytes):25461
          Entropy (8bit):5.210289774391241
          Encrypted:false
          SSDEEP:
          MD5:CE7342977652DB2D7479BFC50ADD216D
          SHA1:D3612EB51BA413E4CD136ADED1DB97BFD7366233
          SHA-256:BEB492EEDB0142BE751258E8F4C8249D869506709BFC27A830389D905390FEB8
          SHA-512:6747F81656A93EBCAD750719E8083BBBA245A3D28F2AE1E6D9FFF0D73A8F36BF3C8D98A28CA3EC4EC125859BC73F2537502D4853EC9F5C19BBEEDDE54FC1DDA9
          Malicious:true
          Reputation:unknown
          Preview:var initViewId=1==loginfinish?2:1,userIsVerify=!1,isEmail=!1,username_now="",area="",newUsername="",getCode="",nums=60,murmur="",GT="",bidBack="",isBtnLoading=!0,eorp=!0,manyouhou=null,authname="",autharea="",authcode="",verifyCallback,gtErrcallback,onloadCallback,valIndex,valIndex,userName_;if(console.log("hiddenRoaming:",hiddenRoaming),"2"!=GV?grecaptcha.enterprise.ready(function(){grecaptcha.enterprise.execute(gk3,{action:"LOGIN"}).then(function(n){GT=n})}):"2"==GV&&(verifyCallback=function(n){GT=n,$(".loginClass").find(".fontEB403C").each(function(n){$(".loginClass").find(".fontEB403C").eq(n).hide()})},gtErrcallback=function(n){GT=""},onloadCallback=function(){grecaptcha.enterprise.render("example3",{sitekey:gk2,callback:verifyCallback,action:"LOGIN","expired-callback":gtErrcallback})}),"9"==PageTable||9==PageTable){let username=mfaUsername,loginusername=loginUsername;$(".loginClass9").show().siblings().hide(),getCode=setInterval(function(){doLoop()},1e3),checkEmail.test(loginusern
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:HTML document, ASCII text, with very long lines (32769)
          Category:dropped
          Size (bytes):93867
          Entropy (8bit):5.371945023505273
          Encrypted:false
          SSDEEP:
          MD5:4BAB8348A52D17428F684AD1EC3A427E
          SHA1:56C912A8C8561070AEE7B9808C5F3B2ABEC40063
          SHA-256:3739B485AC39B157CAA066B883E4D9D3F74C50BEFF0B86CD8A24CE407B179A23
          SHA-512:A693069C66D8316D73A3C01ED9E6A4553C9B92D98B294F0E170CC9F9F5502C814255F5F92B93AEB07E0D6FE4613F9A1D511E1BFD965634F04E6CF18F191A7480
          Malicious:true
          Reputation:unknown
          Preview:/*! jQuery v1.7.1 jquery.com | jquery.org/license */.(function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!ck[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){cl||(cl=c.createElement("iframe"),cl.frameBorder=cl.width=cl.height=0),b.appendChild(cl);if(!cm||!cl.createElement)cm=(cl.contentWindow||cl.contentDocument).document,cm.write((c.compatMode==="CSS1Compat"?"<!doctype html>":"")+"<html><body>"),cm.close();d=cm.createElement(a),cm.body.appendChild(d),e=f.css(d,"display"),b.removeChild(cl)}ck[a]=e}return ck[a]}function cu(a,b){var c={};f.each(cq.concat.apply([],cq.slice(0,b)),function(){c[this]=a});return c}function ct(){cr=b}function cs(){setTimeout(ct,0);return cr=f.now()}function cj(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ci(){try{return new a.XMLHttpRequest}catch(b){}}function cc(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):307328
          Entropy (8bit):5.888138810089
          Encrypted:false
          SSDEEP:
          MD5:2BFAEC1781CDA65C4B967CC7A6A20679
          SHA1:4F8DC480D2C8A550853DEAD051368FF606985B2B
          SHA-256:8EF832CC6AB9F6898D7D4261E654395FC43F0EA5266CFA6BF923DE5788EAD8D4
          SHA-512:D5CAD019F77D6A5968EE0A6815111666FA498B6157F940DF088DCC96B0443883649E529BF4AFB849223319F664513C52AB9D79829948DEEA54E5CA0E084E3F5C
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with very long lines (724)
          Category:dropped
          Size (bytes):551834
          Entropy (8bit):5.646059185430787
          Encrypted:false
          SSDEEP:
          MD5:33AFF52B82A1DF246136E75500D93220
          SHA1:4675754451AF81F996EAB925923C31EF5115A9F4
          SHA-256:B5E8EC5D4DCC080657DEB2D004F65D974BF4EC9E9AA5D621E10749182FFF8731
          SHA-512:2E1BAAE95052737BDB3613A6165589643516A1F4811D19C2F037D426265AA5ADF3C70334C1106B1B0EEF779244389F0D7C8C52B4CD55FCE9BAB2E4FCB0642720
          Malicious:true
          Reputation:unknown
          Preview:(function(){/*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/./*.. Copyright 2005, 2007 Bob Ippolito. All Rights Reserved.. Copyright The Closure Library Authors.. SPDX-License-Identifier: MIT.*/./*.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0.*/./*. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var z=function(){return[function(v,p,K,u,W,n){if(!((v>>2&(n=[6,"Unknown format requested type for int64",9],n[0])||!U[22](11,this.U(),p)&&this.dispatchEvent("enter")&&this.isEnabled()&&R[23](n[2],this,2)&&R[3](n[0],2,!0,this),v-1)<20&&(v>>1&7)>=4&&(u=new vf,W=R[41](1,p,u,kV,K==p?K:P[8](37,K),5)),v<<1&11))throw Error(n[1]);return W},function(v,p,K,u,W){return((W=[17,7,46],v)<<2&W[1]||(p=function(n){return K.call(p.src,p.listener,n)},K=UJ,u=p),(v-1|12)<v&&(v-9|59)>=v)&&(u=M[W[2]](15,p)&&!M[W[2]](13,."iPod")&&!M[W[2]](W[0],K)),((v|8)&W[1])==1&&(u=p.Y?p.Y:p.I?"application/x-protobuffer":""),u},function(v,p,K,u,W){retu
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with very long lines (65536), with no line terminators
          Category:dropped
          Size (bytes):78840
          Entropy (8bit):6.022413301778022
          Encrypted:false
          SSDEEP:
          MD5:0CA290F7801B0434CFE66A0F300A324C
          SHA1:0891B431E5F2671A211DDD8F03ACF1D07792F076
          SHA-256:0C613DC5F9E10DFF735C7A102433381C97B89C4A26CE26C78D9FFAD1ADDDC528
          SHA-512:AF70C75F30B08D731042C45091681B55E398EA6E6D96189BC9935CE25584A57240C678FF44C0C0428F93BF1F6A504E0558BC63F233D66D1B9A5B477BA1EF1533
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):524656
          Entropy (8bit):4.989325630401085E-4
          Encrypted:false
          SSDEEP:
          MD5:068DAB7ED4573D502A22BD1A577A7EFD
          SHA1:A64996E319A712DD84B848795C445BC92913399F
          SHA-256:F85E681466BFB0AE9952A3F4E2E019481FC8480254D120918A1EF200C55BEE45
          SHA-512:286B57B30A0299B9EA4763BEB667A62D6A88CDD9702AA82F9E4F204DDE77D8C8196906FB2209F6805777F45C3095E6216E79EEF6CD3A75C42F39E7D3D686FA45
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):259
          Entropy (8bit):5.597244278034834
          Encrypted:false
          SSDEEP:
          MD5:21BD980423E41534D68003731F398C46
          SHA1:787AA6F1A6AB80C0687B3A7147DD8697232C87CA
          SHA-256:EAD8216D0F0E174B502B03A8E18A4454BC42B01E0B00D8C36DC6069A8C9FC4A0
          SHA-512:D6225B5E0EF038D6537ED91196B6076403899FE940F00AA5F934F6406D7C7FAA2F92EF9979A1739D10E183B668578334C1ACF84767821BCC4FB55A3A1266778D
          Malicious:true
          Reputation:unknown
          Preview:0\r..m......w.....b....._keyhttps://www.google.com/recaptcha/enterprise.js?render=6Ld_eBkmAAAAAKGzqykvtH0laOzfRdELmh-YBxub .https://lenovo.com/.A..Eo.....................b../.........Z............qL.......dR....(..64....6.x...;6.../...A..Eo.........k$.......
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):219
          Entropy (8bit):5.503249529812329
          Encrypted:false
          SSDEEP:
          MD5:CA551CABF5FD4473D205FEB264ACEC48
          SHA1:A877EE10D714BAE17350526088E9A337890BE9FD
          SHA-256:807AAE16791FF4B1A92939C7EFE2E31F8A2F2C8C1C4A63D41878D0F8707041D7
          SHA-512:671E49868FACCE289F26AE601D521367FFCDC7BA68E5F3C2CDF298CAE69ED1EB1B12707FDFEA56B8BEBB37096F4E5EADBA176B34C8BFB8D276F5820BFA45D571
          Malicious:true
          Reputation:unknown
          Preview:0\r..m......O....ZT!...._keyhttps://www.googletagmanager.com/gtm.js?id=GTM-W5CFR6P .https://lenovo.com/.A..Eo..................@..b../.........Z............|L.....8Q.{...;".49......+N.N..e.^,.....A..Eo......W..$.......
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):230
          Entropy (8bit):5.329216821969306
          Encrypted:false
          SSDEEP:
          MD5:6920CBC510470864F9A5DBDB1AB12E5E
          SHA1:EACA3BE4A808CD1F1FF765B106366BDD0037786E
          SHA-256:96A6FB55E0EE97B7453AE78C284F14D6372B46CC6F87A642AC60EC9B0916E2ED
          SHA-512:B7FCC3D0B53222664A0253F6A7460C8368B1508187DFB686582A0B6EC7FB10E62DDFD207336EE1AABDC1A8D3D7A3689D1A06DC249CD5AF828C61907E46502A0C
          Malicious:true
          Reputation:unknown
          Preview:0\r..m......Z... .?....._keyhttps://passport.lenovo.com/glbwebauthnv6/wauth_new/js/fg2.min.js .https://lenovo.com/.A..Eo.....................c../.........Z...........#.L.....N.l!..>....aX...%.......E.gLw....A..Eo.......F..$.......
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):241
          Entropy (8bit):5.459232892716585
          Encrypted:false
          SSDEEP:
          MD5:380D8C16FA22B242977C4BB03E63B99D
          SHA1:49997CF5512728FA294AD1F743960FBABB722315
          SHA-256:410BB87FEC4D3FF5A5C7B07E56111542B039C9624A582EB9CA492013375ABA2C
          SHA-512:37CA96A92CAF1472888F57A89F48C26ED7A43B12487EBF17BB97F0CC625BDA3B3A73D6F02B2DF09BFFF735D4FD195A825ADB44B072BA25858A656287866E8A5B
          Malicious:true
          Reputation:unknown
          Preview:0\r..m......e....D......_keyhttps://passport.lenovo.com/glbwebauthnv6/wauth_new/js/login.ce7342977652.js .https://lenovo.com/.A..Eo..................x~.c../.........Z...........%.L............k.....^..42,..c._Z.z.....A..Eo.......R)A$.......
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):249
          Entropy (8bit):5.486935389361818
          Encrypted:false
          SSDEEP:
          MD5:7A70E82EC14AF29A35665C25AE0A1A21
          SHA1:3B81C8D7F7CFE158D2A2B30FE3B992C7E6F6F671
          SHA-256:F3AEA9081C3F819E9F90B0A6206727310498A28BBB1FE21E4AB321EF6A4883C9
          SHA-512:88CEF44E33E7DE15B9900095A216A7AA87244FA8BDDFC667DB97E0FC4C15CB764EBA591F3382A6F4B08480197253C8A8391A3CB93DBD4ABDBC7616E132AF3CD7
          Malicious:true
          Reputation:unknown
          Preview:0\r..m......m...^._....._keyhttps://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__en.js .https://lenovo.com/.A..Eo...................R.c../.........Z............L......B.(d.@Pj....s....e,*.Cl.b6..(5..A..Eo.......Y.6$.......
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):240
          Entropy (8bit):5.597915883121067
          Encrypted:false
          SSDEEP:
          MD5:C2573B6D1F928B83043CD9880714CCA0
          SHA1:204405C3D0B641561F7CEC4D9839C6A1CBBA9086
          SHA-256:12C222D2C832D5498136479BB05B79E82A4D068E869685F2F2B1EB4542BDD2E0
          SHA-512:C4B8D5C3D1F393D79352DF74330CF3B1A3AC2C273400C04F256D5158E81BA2153CB9EA1E698147F980F10CBF337CA432AD6809B193CDEA199BD566E943C04E93
          Malicious:true
          Reputation:unknown
          Preview:0\r..m......d...Ow.5...._keyhttps://www.google.com/js/bg/SzbTPrPj0RZMh3sKke7Dm2R1EAOQaD1lrFJKAhnJ0tE.js .https://google.com/.A..Eo..................O..d../.........Z...........x.L.......\.YV.*P).......v......./....8.A..Eo.......+i.$.......
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):249
          Entropy (8bit):5.4980919158215285
          Encrypted:false
          SSDEEP:
          MD5:F3C35449999C808C10A330F68CE84C43
          SHA1:48B21BB22E51EC7F1A5CDEF21330A94A330D4C7E
          SHA-256:5BCE9BD137A9F84D641027600638793F0750520DA1220807786B0ED60973965A
          SHA-512:D3336261A8E7D9BC04D976A83531A44926D2F581CF37F2C2E4A985C2487D4D6C82A448F3E035E0C08CE6F0E64797B8DF2044BE081BEEA3486377F679955CDBFA
          Malicious:true
          Reputation:unknown
          Preview:0\r..m......m..........._keyhttps://www.gstatic.com/recaptcha/releases/xds0rzGrktR88uEZ2JUvdgOY/recaptcha__en.js .https://google.com/.A..Eo.....................c../.........Z.............L......u....2f..!.Six^_..q.h@ ..<i.].A..Eo.......K..$.......
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):221
          Entropy (8bit):5.43827034976762
          Encrypted:false
          SSDEEP:
          MD5:0F5BD79CCE755E90C0B3EB31B2D81944
          SHA1:884D16FF7B98DBF2A7FF31624E8B7DB6A926B44C
          SHA-256:060AD3C2B49415B5FCD68031718EC2E0F7F5FD096D4F071497CB8DB6CC46F8B4
          SHA-512:E968D96ABFC708BACE5E563727CAF1D5B0A334E27973C85CAB82D42046423415F1AFF2B88D038677E720CF978070A3BEACE4DF6515CE69BBCE8B9F2B42259136
          Malicious:true
          Reputation:unknown
          Preview:0\r..m......Q.....x!...._keyhttps://www.googletagmanager.com/gtag/js?id=G-LMWHJ8QP3E .https://lenovo.com/.A..Eo.................._`.b../.........Z............|L.......3^.E.6NZ}.b.PV...jP.........A..Eo..........$.......
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):230
          Entropy (8bit):5.291663433457455
          Encrypted:false
          SSDEEP:
          MD5:CDCB5756E94BD6EB51D72EE0E99C95D2
          SHA1:E218B58B04AA6C93CE39B64F01548ABF2D664213
          SHA-256:817B73083258D3074FAF767B5A1AB35DA849AA4E283C132E3716D7579C1ABDB2
          SHA-512:F63DE9F5B758620B6ED869E19E4019DE569CC2DD323D8D3D6D71AE5F9EF1B440D0A6ED7CDE17D0054E4A63B32430EA0939B3DDED7081588AC3F23BB8FC022525
          Malicious:true
          Reputation:unknown
          Preview:0\r..m......Z...m......._keyhttps://passport.lenovo.com/glbwebauthnv6/wauth_new/js/commons.js .https://lenovo.com/.A..Eo.....................b../.........Z...........".L...........0..-..2.o.G........rX.....A..Eo.......t$J$.......
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):246
          Entropy (8bit):5.3556507022103546
          Encrypted:false
          SSDEEP:
          MD5:733E36CDA3B8697DCD967981C02287E5
          SHA1:C9B8D753080A0E1F0E554552BEE051F53764CE85
          SHA-256:69BBB358942716175F581272341E1B9EE03CCFBEA8B33AF4240A8F4C372BC409
          SHA-512:82C9BE142B4D7085B5C936F92AF158BB8772CB5B84BD12DB1717A5B2EC804E650A2955750F67BDFA9538BBD89B9464A80078D23CE99DD7AD4AB5654654080A06
          Malicious:true
          Reputation:unknown
          Preview:0\r..m......j....~......_keyhttps://passport.lenovo.com/glbwebauthnv6/wauth_new/js/weekpswtab.dbfdfa2cbaf3.js .https://lenovo.com/.A..Eo.....................c../.........Z...........#.L......M...k...u%...:..*...6b.<..o....A..Eo.......y..$.......
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):239
          Entropy (8bit):5.371845171584791
          Encrypted:false
          SSDEEP:
          MD5:3861CBA5EDAE98B18198727D64905681
          SHA1:47337ED9C512CDBCAD01BCA51FDD814C388FB7B7
          SHA-256:A75FEEB2D3303A4364A9172FE14FA61F591ACAD54691235C133693965F2F879F
          SHA-512:3B3F7AE0B87FB639B16622D3AAF3F18B16705FC13560103E17DBE4DF5C011010C845FED76F253A8F8DB122B635A7FE005648B02BA8FDF18F743B4C4EA5B780BD
          Malicious:true
          Reputation:unknown
          Preview:0\r..m......c...;.M...._keyhttps://passport.lenovo.com/glbwebauthnv6/wauth_new/js/jquery-1.7.1.min.js .https://lenovo.com/.A..Eo.....................c../.........Z............|L.....qs...j%.(V..|gh.L...d..]Z......A..Eo.......FQ^$.......
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):262
          Entropy (8bit):5.739579419347498
          Encrypted:false
          SSDEEP:
          MD5:F8046D7B4C0A4F7B609588F45E34A64E
          SHA1:7F0DCEB7B8986A54032C0F0723C29A8FA2524F21
          SHA-256:F1DE430DB1777A30096E15E3A1DA25DC8950A058CC5D8E6E9B4DB1F90BF2E43F
          SHA-512:34671518FD7732AC8EC533DE9CF7DD216F10C75250827F8B555F6F7899A15C3C69F653DF257B338868339C19F241E2EB4298CC0F895CBC53C3B3540AD5B31A2C
          Malicious:true
          Reputation:unknown
          Preview:0\r..m......z.....@...._keyhttps://passport.lenovo.com/hrRjxQ/f8/Pb/O2qu/kJbU3l5THR/9z7YwpOiE5wp1u/LgkyW3ReUgE/HXwzf/BIbT0wB .https://lenovo.com/.A..Eo...................(.c../.........Z...........b.L.....BF..Y<.".."......3s...Y9..z^;..A..Eo......E...$.......
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:x86 executable not stripped
          Category:dropped
          Size (bytes):336
          Entropy (8bit):4.792426332417204
          Encrypted:false
          SSDEEP:
          MD5:F7F80DEC8EFC08079A768E5B8274BDAA
          SHA1:D480B20FDC96235D4CBEAB5641594FDBCAC545E6
          SHA-256:87ADEA6F9312FACFD0B981F98E19A6C6F19CC13D8B70E467E634DA4BD59E236A
          SHA-512:7B6D0776E0CA84130BB545DBF50B4DA383D5EC2CB1CACFDFC907118CA00096CB5227C1D57597D3D1FEE530C6B4A39D62160FAF28A084D739B4E10C87246A1A43
          Malicious:true
          Reputation:unknown
          Preview:H....[.ioy retne.........................`...XW...d../............jQ.V..tc../.........:N.9.d....7c../..........[i.......ec../..........qp.'.b..A.c../.............T.[s.A.c../..............9V..7c../...........A6.7....7c../............z.....z.b../.........m....'9.A.c../.........*X^.......7c../..........k.. 5k^...c../...........#d../.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:81586D3696534A9FED43129A252A0623
          SHA1:569F89DC7822542F4DE1CA8146068239F952B74B
          SHA-256:94AFCBD5570778D6834AEA12D19284728D5E05BE8F12C34A18146654E21A8189
          SHA-512:451572D86AE977E992516EF7CD0FD5A71F744E347222DAF6432C0B9839AEBCEA741989089225177A5EA010A5E0BE4F8797EA8979B54FDEABE4F78607CE16D5BE
          Malicious:true
          Reputation:unknown
          Preview:(.......oy retne........................ C.b../.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:81586D3696534A9FED43129A252A0623
          SHA1:569F89DC7822542F4DE1CA8146068239F952B74B
          SHA-256:94AFCBD5570778D6834AEA12D19284728D5E05BE8F12C34A18146654E21A8189
          SHA-512:451572D86AE977E992516EF7CD0FD5A71F744E347222DAF6432C0B9839AEBCEA741989089225177A5EA010A5E0BE4F8797EA8979B54FDEABE4F78607CE16D5BE
          Malicious:true
          Reputation:unknown
          Preview:(.......oy retne........................ C.b../.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):24
          Entropy (8bit):2.1431558784658327
          Encrypted:false
          SSDEEP:
          MD5:54CB446F628B2EA4A5BCE5769910512E
          SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
          SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
          SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
          Malicious:true
          Reputation:unknown
          Preview:0\r..m..................
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):48
          Entropy (8bit):2.9972243200613975
          Encrypted:false
          SSDEEP:
          MD5:3D4F5BD354F440BF519371F5F2AAB6D5
          SHA1:CE356259DFD3944416A4A27A973408402CDAFD44
          SHA-256:2078D36B2B4005086735C5E16F2FC316AC3C8888FDF37ADB80C299262F389794
          SHA-512:9BC2F1123E18BDB91E48F717D4C5CBA2BDC7590F4B5618218D0FAE3715F5E879D134D93E61B5EEB993E8384682F71A1CFE1B369AB6CB05B1CF907F842CE1987D
          Malicious:true
          Reputation:unknown
          Preview:(....].6oy retne........................;..b../.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:3D4F5BD354F440BF519371F5F2AAB6D5
          SHA1:CE356259DFD3944416A4A27A973408402CDAFD44
          SHA-256:2078D36B2B4005086735C5E16F2FC316AC3C8888FDF37ADB80C299262F389794
          SHA-512:9BC2F1123E18BDB91E48F717D4C5CBA2BDC7590F4B5618218D0FAE3715F5E879D134D93E61B5EEB993E8384682F71A1CFE1B369AB6CB05B1CF907F842CE1987D
          Malicious:true
          Reputation:unknown
          Preview:(....].6oy retne........................;..b../.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):270336
          Entropy (8bit):8.280239615765425E-4
          Encrypted:false
          SSDEEP:
          MD5:D0D388F3865D0523E451D6BA0BE34CC4
          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.47693366977411E-4
          Encrypted:false
          SSDEEP:
          MD5:5494C6A4CD9FF544B4B76D90C65FCD0A
          SHA1:D6AC304F3E7866E16E2750812E2B28C90364AC22
          SHA-256:CA7E9449D31ED59DC3A7C776CF018F8AE11803A5F1EF8F011EEBD42539ECCD5A
          SHA-512:22FEFD9179BF649A1EE531BEAE28DB6E028313826DED881084853F24E0600FBC6148DE329CF93E66D52C5E95CEF57C4525AAFBE892218D72D501C7077D2FA725
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:dBase III DBT, next free block index 3238316739, block length 1024
          Category:dropped
          Size (bytes):45056
          Entropy (8bit):0.028444322673708927
          Encrypted:false
          SSDEEP:
          MD5:AFC4BCC71485DF8C1A3D7F9E67562EC7
          SHA1:19E523A8BBD1623E67E55AD36B51C731312F5892
          SHA-256:8F530B033AF27774C55D0F5212BAFD183C59B4A8A8823EE66DE08BA04616F369
          SHA-512:9C64E639D0A5280DA34C09A316C9B94C80E555DFC26A3725F8E42148BA0CA7503C4DE817BAA5E34539B7F40E8E7B30B5592970308C9DA8EB72C9049742CFBE9A
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):270336
          Entropy (8bit):0.03907509111859803
          Encrypted:false
          SSDEEP:
          MD5:77FB504E5F5A98C512BD3651CC11B71A
          SHA1:6DD05D7DFBE041588A660FE1394FC6C32D6A4648
          SHA-256:2986D31B9D68F3150FE7B1970A6780A8AFF33DA597818B9E62B5E4CFDFB0F52A
          SHA-512:31A0BE3497D08389BDC89F4FB6EC03B176D417398B417EBFF81FF3346CA2BE609DABBC18932B5100172AEAD814736AFD56CD3323BD561BDB3A107591A8F1ED84
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:dBase III DBT, next free block index 3238316739, block length 1024
          Category:dropped
          Size (bytes):1056768
          Entropy (8bit):0.08376133919497868
          Encrypted:false
          SSDEEP:
          MD5:14A9BA04642264B29DC0F2BC4BA63C51
          SHA1:1B6688C9FC89ABF33DF927F2B3DFE88FCAF7ECE5
          SHA-256:1B56D592717B39321152D594576ECC8DB836D7CB9C4DA1EFEAF02D6568D12CC8
          SHA-512:49415D7890B240E750E0213F78A1F79620E9C567FF6E9045B8AAFB20E5B057DEB4D6E1229484CC2C8E6483AC3CA424C700A9EBC2766A39F3C97BCD0822672D8E
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.553120663130604E-4
          Encrypted:false
          SSDEEP:
          MD5:7C9D4FDC719BFD4EAE0A5D88D472E2CE
          SHA1:8104438D00B121A6FFE33C356A080AF0F6E7F67B
          SHA-256:6EE6BD4D6E15D1F48F7F38A8A29CF03C83C3B4A97F0BF519EFD9A88C7D6ABCDD
          SHA-512:76C776D7B66EB67393F4E80B1F8893FB7AE9C5118E5ADD856735F352CB0215FB47713459672BD7445C59808F4FB14CF3A19E0E9A96AE535DC5404EE47193B56A
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):2
          Entropy (8bit):1.0
          Encrypted:false
          SSDEEP:
          MD5:D751713988987E9331980363E24189CE
          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
          Malicious:true
          Reputation:unknown
          Preview:[]
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):1803
          Entropy (8bit):5.252848960418791
          Encrypted:false
          SSDEEP:
          MD5:11DB8E5902742946763357F23692EFFF
          SHA1:17295A3C8FF78735192536967DB5A13120C1460C
          SHA-256:1D3D1027C04B95005DD6AE7F881CEBBA70E4C2712C1EF59DFA671D2590C6743D
          SHA-512:EC58C95C15378B487F39F26E7AEDF2B7E60829F9564C0A75445D57C97639EAF0E7E9698BDCB850273E6399D78D5A5348B6BA80BE54F256FB6F84910B2BCA634E
          Malicious:true
          Reputation:unknown
          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375459667158496","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2xlbm92by5jb20AAA==",false],"server":"https://www.google.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375459667207530","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2xlbm92by5jb20AAA==",false],"server":"https://www.googletagmanager.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375459670135574","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2xlbm92by5jb20AAA==",false],"server":"https://www.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13375459687338791","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2xlbm92by5jb20AAA==",true],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expira
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):40
          Entropy (8bit):4.1275671571169275
          Encrypted:false
          SSDEEP:
          MD5:20D4B8FA017A12A108C87F540836E250
          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
          Malicious:true
          Reputation:unknown
          Preview:{"SDCH":{"dictionaries":{},"version":2}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:78BFCECB05ED1904EDCE3B60CB5C7E62
          SHA1:BF77A7461DE9D41D12AA88FBA056BA758793D9CE
          SHA-256:C257F929CFF0E4380BF08D9F36F310753F7B1CCB5CB2AB811B52760DD8CB9572
          SHA-512:2420DFF6EB853F5E1856CDAB99561A896EA0743FCFF3E04B37CB87EDDF063770608A30C6FFB0319E5D353B0132C5F8135B7082488E425666B2C22B753A6A4D73
          Malicious:true
          Reputation:unknown
          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:78BFCECB05ED1904EDCE3B60CB5C7E62
          SHA1:BF77A7461DE9D41D12AA88FBA056BA758793D9CE
          SHA-256:C257F929CFF0E4380BF08D9F36F310753F7B1CCB5CB2AB811B52760DD8CB9572
          SHA-512:2420DFF6EB853F5E1856CDAB99561A896EA0743FCFF3E04B37CB87EDDF063770608A30C6FFB0319E5D353B0132C5F8135B7082488E425666B2C22B753A6A4D73
          Malicious:true
          Reputation:unknown
          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:78BFCECB05ED1904EDCE3B60CB5C7E62
          SHA1:BF77A7461DE9D41D12AA88FBA056BA758793D9CE
          SHA-256:C257F929CFF0E4380BF08D9F36F310753F7B1CCB5CB2AB811B52760DD8CB9572
          SHA-512:2420DFF6EB853F5E1856CDAB99561A896EA0743FCFF3E04B37CB87EDDF063770608A30C6FFB0319E5D353B0132C5F8135B7082488E425666B2C22B753A6A4D73
          Malicious:true
          Reputation:unknown
          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D751713988987E9331980363E24189CE
          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
          Malicious:true
          Reputation:unknown
          Preview:[]
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D751713988987E9331980363E24189CE
          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
          Malicious:true
          Reputation:unknown
          Preview:[]
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:20D4B8FA017A12A108C87F540836E250
          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
          Malicious:true
          Reputation:unknown
          Preview:{"SDCH":{"dictionaries":{},"version":2}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:modified
          Size (bytes):59
          Entropy (8bit):4.619434150836742
          Encrypted:false
          SSDEEP:
          MD5:2800881C775077E1C4B6E06BF4676DE4
          SHA1:2873631068C8B3B9495638C865915BE822442C8B
          SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
          SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
          Malicious:true
          Reputation:unknown
          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):59
          Entropy (8bit):4.619434150836742
          Encrypted:false
          SSDEEP:
          MD5:78BFCECB05ED1904EDCE3B60CB5C7E62
          SHA1:BF77A7461DE9D41D12AA88FBA056BA758793D9CE
          SHA-256:C257F929CFF0E4380BF08D9F36F310753F7B1CCB5CB2AB811B52760DD8CB9572
          SHA-512:2420DFF6EB853F5E1856CDAB99561A896EA0743FCFF3E04B37CB87EDDF063770608A30C6FFB0319E5D353B0132C5F8135B7082488E425666B2C22B753A6A4D73
          Malicious:true
          Reputation:unknown
          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9DD6A6BD1DD6A27926C5C79632E2FB81
          SHA1:F27434772650DEF195C12D54D23EC0795CCF8FB1
          SHA-256:9612BD8C8086809980F32A9B09B119BDE5A41C4A820D75D84C83E4FB433B1A2B
          SHA-512:CCDC68A67AB3043353372B8CDB1BA92B204B7ECF96B560CB3D4E3BF49352B5C17FDD5E57819CA0EC9E9F773C7E1053FA159A6E94F98141D1046F28809198F5C1
          Malicious:true
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13372867664178907","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":550,"browser_content_container_width":600,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13372867664099031","domain_diversity":{"last_reporting_timestamp":"13372867664178255"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9DD6A6BD1DD6A27926C5C79632E2FB81
          SHA1:F27434772650DEF195C12D54D23EC0795CCF8FB1
          SHA-256:9612BD8C8086809980F32A9B09B119BDE5A41C4A820D75D84C83E4FB433B1A2B
          SHA-512:CCDC68A67AB3043353372B8CDB1BA92B204B7ECF96B560CB3D4E3BF49352B5C17FDD5E57819CA0EC9E9F773C7E1053FA159A6E94F98141D1046F28809198F5C1
          Malicious:true
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13372867664178907","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":550,"browser_content_container_width":600,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13372867664099031","domain_diversity":{"last_reporting_timestamp":"13372867664178255"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:9DD6A6BD1DD6A27926C5C79632E2FB81
          SHA1:F27434772650DEF195C12D54D23EC0795CCF8FB1
          SHA-256:9612BD8C8086809980F32A9B09B119BDE5A41C4A820D75D84C83E4FB433B1A2B
          SHA-512:CCDC68A67AB3043353372B8CDB1BA92B204B7ECF96B560CB3D4E3BF49352B5C17FDD5E57819CA0EC9E9F773C7E1053FA159A6E94F98141D1046F28809198F5C1
          Malicious:true
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13372867664178907","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":550,"browser_content_container_width":600,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13372867664099031","domain_diversity":{"last_reporting_timestamp":"13372867664178255"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):33
          Entropy (8bit):4.051821770808046
          Encrypted:false
          SSDEEP:
          MD5:2B432FEF211C69C745ACA86DE4F8E4AB
          SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
          SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
          SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
          Malicious:true
          Reputation:unknown
          Preview:{"preferred_apps":[],"version":1}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):182
          Entropy (8bit):4.2629097520179995
          Encrypted:false
          SSDEEP:
          MD5:643E00B0186AA80523F8A6BED550A925
          SHA1:EC4056125D6F1A8890FFE01BFFC973C2F6ABD115
          SHA-256:A0C9ABAE18599F0A65FC654AD36251F6330794BEA66B718A09D8B297F3E38E87
          SHA-512:D91A934EAF7D9D669B8AD4452234DE6B23D15237CB4D251F2C78C8339CEE7B4F9BA6B8597E35FE8C81B3D6F64AE707C68FF492903C0EDC3E4BAF2C6B747E247D
          Malicious:true
          Reputation:unknown
          Preview:Microsoft Edge settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through Microsoft Edge defined APIs.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:D3BD083AE860BFF58108E02506E8036A
          SHA1:F40BEB2380ABEA716B152271146AE8AEE95ACA12
          SHA-256:D321FA3A221CCF9D9B5CAC2C2C482D1FA7C2CD1310ED2B0CF68C46E6D569EFDF
          SHA-512:7514735B049C058596A2952E45B0231079D48EFED04B2E209536EADDFC09A6BB25A19CCC31263E44CE1E56D053D2A2DBE3779C9CAF4E666183381F98EC092B2D
          Malicious:true
          Reputation:unknown
          Preview:{"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13372867663689072","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13372867663689072","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.officeapps.live.com.mcas.ms/*","https://*onenote.officeapps.live.com.mcas.ms/*","https://*word-edit.officeapps.live.com.mcas.ms/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):16
          Entropy (8bit):3.2743974703476995
          Encrypted:false
          SSDEEP:
          MD5:46295CAC801E5D4857D09837238A6394
          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
          Malicious:true
          Reputation:unknown
          Preview:MANIFEST-000001.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:46295CAC801E5D4857D09837238A6394
          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
          Malicious:true
          Reputation:unknown
          Preview:MANIFEST-000001.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:OpenPGP Secret Key
          Category:dropped
          Size (bytes):41
          Entropy (8bit):4.704993772857998
          Encrypted:false
          SSDEEP:
          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
          Malicious:true
          Reputation:unknown
          Preview:.|.."....leveldb.BytewiseComparator......
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):6159
          Entropy (8bit):4.856913687531697
          Encrypted:false
          SSDEEP:
          MD5:389F6296B82449365A3D1DE64D1C7271
          SHA1:C50107A43686261C888B8B49C9B2DA9C5BA75FC5
          SHA-256:B357F0989F87CDB216BAE0DF102D433A88D38117685EC1CF95D2F066C1ABE952
          SHA-512:42EC8D66F0EB03DE65FD8CECAB64311ED971411BC7AE7AABE7320347093E519F7A610DF4835E964B36BEBC34249148B0C6763592C4CF03841F2C814D4C712471
          Malicious:true
          Reputation:unknown
          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13372867664178907","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":550,"browser_content_container_width":600,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13372867664099031","domain_diversity":{"last_reporting_timestamp":"13372867664178255"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.553120663130604E-4
          Encrypted:false
          SSDEEP:
          MD5:475002D34EBC5F207782AE37860BB786
          SHA1:4370C4B257DA1A66306B30AB2D5210E090437AF3
          SHA-256:4CE5DA1DBB0D89295324F94D7E692C7AE72D01EBD2A0175D909516598726333C
          SHA-512:1F1D9DFE11C7FC9939C5691CDE8E77456CE447D523B4FB2708257D30A18FB3032852D3CABA2D200095DFE005B9070D87318EAF1454B5A92A9F0149839A194DE1
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
          Category:dropped
          Size (bytes):8192
          Entropy (8bit):0.01057775872642915
          Encrypted:false
          SSDEEP:
          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.553120663130604E-4
          Encrypted:false
          SSDEEP:
          MD5:AD89D94115B8E60A1E5964831FF1C377
          SHA1:ED185C96FF3DE33FB01E4B19722EDD473AA03020
          SHA-256:B1CFC04FA7F43F03811B1E0AF67493F696353200954D9532F8AE793C6E1E3CEF
          SHA-512:EF4A98C970B6097DD4F580EF5624F2B9DD1C97B7DC232781CC45AB3BB163E2AFCEB2E7CA622FBF244205F47CC2268C04FA1EB6C5F86AB8A4DF60719BFDF0422B
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):13
          Entropy (8bit):2.7192945256669794
          Encrypted:false
          SSDEEP:
          MD5:BF16C04B916ACE92DB941EBB1AF3CB18
          SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
          SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
          SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
          Malicious:true
          Reputation:unknown
          Preview:117.0.2045.47
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):0
          Entropy (8bit):0.0
          Encrypted:false
          SSDEEP:
          MD5:89EB698BF8E2FF9024256FC2C30D1B69
          SHA1:AAF98715F404B15C09ED83ED325433FA248E6EC1
          SHA-256:94666DF8A2277980093A40F94405624B7E3B07DE81EC439806760312B74408E5
          SHA-512:2EBD58432DDB8EDE172EC85FC791F114E8D1B06AA7BC8E4AD7CE5CC0E08571070B378A970B1C8C4F6E015A5526DBC05574BFBD7F69DD7F25764D69A9BC871433
          Malicious:true
          Reputation:unknown
          Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAD1jIZms4SSRLPckOuAZwbiEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABkoeQdphmB2eMdtY/ciCjHDDm+an1EuIYSUZHzt2vZ2gAAAAAOgAAAAAIAACAAAABQdbzn9RWlRJ/LSHKo8lfecOw4mDNE/amNd528y5z1/jAAAAD8Hz+rsA4mDan6jZDhwu0RThsYGsuU9cvLCOQj0o+ClIKLMgItsOZyaQyCKRNecwBAAAAAh+R7J2ZPs7L13KfhGcT73nTIB7lcf5rr9nnKl6DrvKy3eKpu1MnC7HBlFPhMK4TmCHOYNwrFCngCxfCjE0CE0Q=="},"uninstall_metrics":{"installation_date2":"1728394063"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":2297,"pseudo_low_entropy_source":1983,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13372867663433211","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):8192
          Entropy (8bit):0.012340643231932763
          Encrypted:false
          SSDEEP:
          MD5:41876349CB12D6DB992F1309F22DF3F0
          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
          Category:dropped
          Size (bytes):262512
          Entropy (8bit):9.553120663130604E-4
          Encrypted:false
          SSDEEP:
          MD5:4626B1FE365830BAF5CD63E450A8BDF3
          SHA1:E41797E81427811B05ACF7D70FEDB3B737B400B2
          SHA-256:1D150A06EC9128B68B1EED1D694074F44271B77F3F3E52264FE06D33EE81399D
          SHA-512:2C0419A654DED8A2FBE9D152D4E8486284BF95600CBF19B9E9A3F57745F93E17533A635A9AB8ECC89C890D94E1DA26E53F85D3D32188B6060C3D76202D321327
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):47
          Entropy (8bit):4.3818353308528755
          Encrypted:false
          SSDEEP:
          MD5:48324111147DECC23AC222A361873FC5
          SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
          SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
          SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
          Malicious:true
          Reputation:unknown
          Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):35
          Entropy (8bit):4.014438730983427
          Encrypted:false
          SSDEEP:
          MD5:BB57A76019EADEDC27F04EB2FB1F1841
          SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
          SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
          SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
          Malicious:true
          Reputation:unknown
          Preview:{"forceServiceDetermination":false}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):29
          Entropy (8bit):3.922828737239167
          Encrypted:false
          SSDEEP:
          MD5:7BAAFE811F480ACFCCCEE0D744355C79
          SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
          SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
          SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
          Malicious:true
          Reputation:unknown
          Preview:customSynchronousLookupUris_0
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):35302
          Entropy (8bit):7.99333285466604
          Encrypted:true
          SSDEEP:
          MD5:0E06E28C3536360DE3486B1A9E5195E8
          SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
          SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
          SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):18
          Entropy (8bit):3.5724312513221195
          Encrypted:false
          SSDEEP:
          MD5:5692162977B015E31D5F35F50EFAB9CF
          SHA1:705DC80E8B32AC8B68F7E13CF8A75DCCB251ED7D
          SHA-256:42CCB5159B168DBE5D5DDF026E5F7ED3DBF50873CFE47C7C3EF0677BB07B90D4
          SHA-512:32905A4CC5BCE0FE8502DDD32096F40106625218BEDC4E218A344225D6DF2595A7B70EEB3695DCEFDD894ECB2B66BED479654E8E07F02526648E07ACFE47838C
          Malicious:true
          Reputation:unknown
          Preview:edgeSettings_2.0-0
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):3581
          Entropy (8bit):4.459693941095613
          Encrypted:false
          SSDEEP:
          MD5:BDE38FAE28EC415384B8CFE052306D6C
          SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
          SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
          SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
          Malicious:true
          Reputation:unknown
          Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):47
          Entropy (8bit):4.493433469104717
          Encrypted:false
          SSDEEP:
          MD5:3F90757B200B52DCF5FDAC696EFD3D60
          SHA1:569A2E1BED9ECCDF7CD03E270AEF2BD7FF9B0E77
          SHA-256:1EE63F0A3502CFB7DF195FABBA41A7805008AB2CCCDAEB9AF990409D163D60C8
          SHA-512:39252BBAA33130DF50F36178A8EAB1D09165666D8A229FBB3495DD01CBE964F87CD2E6FCD479DFCA36BE06309EF18FEDA7F14722C57545203BBA24972D4835C8
          Malicious:true
          Reputation:unknown
          Preview:synchronousLookupUris_636976985063396749.rel.v2
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:ASCII text, with no line terminators
          Category:dropped
          Size (bytes):50
          Entropy (8bit):3.9904355005135823
          Encrypted:false
          SSDEEP:
          MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
          SHA1:5AAAC173107C688C06944D746394C21535B0514B
          SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
          SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
          Malicious:true
          Reputation:unknown
          Preview:topTraffic_170540185939602997400506234197983529371
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:data
          Category:dropped
          Size (bytes):575056
          Entropy (8bit):7.999649474060713
          Encrypted:true
          SSDEEP:
          MD5:BE5D1A12C1644421F877787F8E76642D
          SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
          SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
          SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
          Malicious:true
          Reputation:unknown
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):86
          Entropy (8bit):4.3751917412896075
          Encrypted:false
          SSDEEP:
          MD5:961E3604F228B0D10541EBF921500C86
          SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
          SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
          SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
          Malicious:true
          Reputation:unknown
          Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}
          Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
          File Type:JSON data
          Category:dropped
          Size (bytes):3425
          Entropy (8bit):5.274396304706787
          Encrypted:false
          SSDEEP:
          MD5:7E6A003F39AEF5B46873358DC26AFCE5
          SHA1:A2C7E9ABFD31A047CE8D7EA9392B8D8F6B9247D5
          SHA-256:8B793C49C2396EAD96B4B620BE99A743F90B75B9830F6E5BA888D7676AF98224
          SHA-512:4344FB205FB6C026C254B3EFDA276443710F495E761DEF9BE94C7CAD1F0F324F35F90999961CDE3B33E05F5ED0334E7AA30BC158CD778B6115E9F12F09393724
          Malicious:true
          Reputation:unknown
          Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"is_dsp_recommended":true,"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.728394064645332e+12,"network":1.728394065e+12,"ticks":5006960980.0,"uncertainty":2055761.0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAD1jIZms4SSRLPckOuAZwbiEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAABkoeQdphmB2eMdtY/ciCjHDDm+an1EuIYSUZHzt2vZ2gAAAAAOgAAAAAIAACAAAABQdbzn9RWlRJ/LSHKo8lfecOw4mDNE/amNd528y5z1/jAAAAD8Hz+rsA4mDan6jZDhwu0RThsYGsuU9cvLCOQj0o+ClIKLMgItsOZyaQyCKRNecwBAAAAAh+R7J2ZPs7L13KfhGcT73nTIB7lcf5rr9nnKl6D
          File type:PE32 executable (GUI) Intel 80386, for MS Windows
          Entropy (8bit):7.948001089404294
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.96%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:USBRecoveryCreator.exe
          File size:74'500'240 bytes
          MD5:23a460c02cc1b3b220ecb54cbd974a6a
          SHA1:ece022c7d45ccf9afd5b72c33f1dcfc85a42c204
          SHA256:dc86aed4873dbb3cef993c84533d83efc4ad35150ae32c15d22c40adbb511c43
          SHA512:333aebed6643bd38e2fbe052e1d31c36ba2f5c828defb699d50b700e475fe9fe2175eaed244eb1bef292dc7f6f34461802e924f5a9f4177f03760ad05af6be18
          SSDEEP:1572864:o7lbWgSb6k8QLc49MATBx3zUUCKfhFPON+VoUAYTjeWmoUHQArfLeq:gBSbvTZmAT3wUTKUbTmoUwCD
          TLSH:D6F72330B206CD26C85931F68D6DE6BB7C2E6EB62B2090C372F83D1D19725C39A35957
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........o..P..,P..,P..,YvK,D..,.{.-C..,.{.-M..,.{.-...,.|.-X..,.|.-]..,P..,[..,.{.-V..,.{.-...,.{.-Q..,.{.-Q..,RichP..,...............
          Icon Hash:07694d547171338e
          Entrypoint:0x8e5550
          Entrypoint Section:.text
          Digitally signed:true
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
          Time Stamp:0x6467E013 [Fri May 19 20:46:11 2023 UTC]
          TLS Callbacks:0x8e4b60, 0x8e5200
          CLR (.Net) Version:
          OS Version Major:6
          OS Version Minor:0
          File Version Major:6
          File Version Minor:0
          Subsystem Version Major:6
          Subsystem Version Minor:0
          Import Hash:d9bd840c4b42e1038456030d561b51b5
          Signature Valid:true
          Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
          Signature Validation Error:The operation completed successfully
          Error Number:0
          Not Before, Not After
          • 07/02/2024 01:00:00 07/02/2025 00:59:59
          Subject Chain
          • CN=Lenovo, O=Lenovo, L=Morrisville, S=North Carolina, C=US
          Version:3
          Thumbprint MD5:945D1558A6AF50F8935B050670CCAEE6
          Thumbprint SHA-1:1C5B0A8D9DA9BB6A5FCE9A548BA9278339E00507
          Thumbprint SHA-256:6CBA6F5FE65C225CEEBE771BE941E84A4C07790389442C1E061A4E4373C47B3D
          Serial:0C3A095717D61722120BAAF86500E9F1
          Instruction
          call 00007F23CCB70C23h
          jmp 00007F23CCB7063Dh
          push ebp
          mov ebp, esp
          sub esp, 00000324h
          push ebx
          push 00000017h
          call dword ptr [0094430Ch]
          test eax, eax
          je 00007F23CCB707D7h
          mov ecx, dword ptr [ebp+08h]
          int 29h
          push 00000003h
          call 00007F23CCB7097Fh
          mov dword ptr [esp], 000002CCh
          lea eax, dword ptr [ebp-00000324h]
          push 00000000h
          push eax
          call 00007F23CCB73244h
          add esp, 0Ch
          mov dword ptr [ebp-00000274h], eax
          mov dword ptr [ebp-00000278h], ecx
          mov dword ptr [ebp-0000027Ch], edx
          mov dword ptr [ebp-00000280h], ebx
          mov dword ptr [ebp-00000284h], esi
          mov dword ptr [ebp-00000288h], edi
          mov word ptr [ebp-0000025Ch], ss
          mov word ptr [ebp-00000268h], cs
          mov word ptr [ebp-0000028Ch], ds
          mov word ptr [ebp-00000290h], es
          mov word ptr [ebp-00000294h], fs
          mov word ptr [ebp-00000298h], gs
          pushfd
          pop dword ptr [ebp-00000264h]
          mov eax, dword ptr [ebp+04h]
          mov dword ptr [ebp-0000026Ch], eax
          lea eax, dword ptr [ebp+04h]
          mov dword ptr [ebp-00000260h], eax
          mov dword ptr [ebp-00000324h], 00010001h
          mov eax, dword ptr [eax-04h]
          push 00000050h
          mov dword ptr [ebp-00000270h], eax
          lea eax, dword ptr [ebp-58h]
          push 00000000h
          push eax
          call 00007F23CCB708BAh
          Programming Language:
          • [IMP] VS2008 SP1 build 30729
          Name | Virtual Address | Virtual Size | Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x67e240 | 0xb0 | .rdata
          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x67e2f0 | 0x154 | .rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6a6000 | 0x194880 | .rsrc
          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4709f78 | 0x2918 |
          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x83b000 | 0x430c4 | .reloc
          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x60c428 | 0x54 | .rdata
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_TLS | 0x60c480 | 0x18 | .rdata
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x549a70 | 0x40 | .rdata
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IAT | 0x544000 | 0x718 | .rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x67e138 | 0x60 | .rdata
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
          .text | 0x1000 | 0x541ada | 0x541c00 | e725b16d124bf0f0f920fd5a3fad20d4 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .CLR_UEF | 0x543000 | 0x44 | 0x200 | db5aa520ae2e25b3fb85f32905ed26ba | False | 0.134765625 | data | 0.9617583915731932 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          .rdata | 0x544000 | 0x13c998 | 0x13ca00 | 574e28d751cd0d3f476087fbdfb6accc | False | 0.36306534988156336 | data | 5.060218179581809 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .data | 0x681000 | 0x121cc | 0x5000 | 8bc47d24ab8e8b017dc6a1dd5a0f1185 | False | 0.2630859375 | Matlab v4 mat-file (little endian) \377\377\377\377, numeric, rows 0, columns 0 | 3.75998052440561 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          .didat | 0x694000 | 0x1c | 0x200 | ced229425a2b069efbc0217f90464a5b | False | 0.0546875 | data | 0.25996289920834015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          _RDATA | 0x695000 | 0x10f10 | 0x11000 | 211089d7d672e1712b48c26d0bdc0a1b | False | 0.16291360294117646 | data | 5.364619170209927 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .rsrc | 0x6a6000 | 0x194880 | 0x194a00 | dd02d58b3a59760b1d7d10428ad48a89 | False | 0.32200557035835653 | data | 6.214926301422756 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
          .reloc | 0x83b000 | 0x430c4 | 0x43200 | 70b7acfb4a79249e4a06a7a07833929d | False | 0.5975907821229051 | data | 6.676390375594541 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
          RT_ICON | 0x6a6368 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.4326241134751773
          RT_ICON | 0x6a67d0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.22045028142589118
          RT_ICON | 0x6a7878 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.19865145228215766
          RT_ICON | 0x6a9e20 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.11891828058573453
          RT_ICON | 0x6ae048 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.06389743286407193
          RT_ICON | 0x6be870 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | | | 0.033930526378080895
          RT_RCDATA | 0x700898 | 0x24 | data | | | 1.1388888888888888
          RT_RCDATA | 0x7008bc | 0x314 | data | | | 0.6370558375634517
          RT_RCDATA | 0x700bd0 | 0x138bb0 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | | | 0.4065227508544922
          RT_GROUP_ICON | 0x839780 | 0x5a | data | | | 0.7333333333333333
          RT_VERSION | 0x8397dc | 0x34e | data | | | 0.39243498817966904
          RT_MANIFEST | 0x839b2c | 0xd53 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.38463793608912344
          DLL | Import
          KERNEL32.dll | MultiByteToWideChar, GetTickCount, QueryPerformanceFrequency, QueryPerformanceCounter, GetModuleHandleW, FlushInstructionCache, InterlockedPushEntrySList, InterlockedFlushSList, InitializeSListHead, GetTickCount64, DuplicateHandle, QueueUserAPC, WaitForSingleObjectEx, SetThreadPriority, GetThreadPriority, ResumeThread, GetCurrentThreadId, Sleep, TlsAlloc, GetCurrentThread, CreateThread, WaitForMultipleObjectsEx, SignalObjectAndWait, SetThreadStackGuarantee, VirtualQuery, GetStdHandle, WideCharToMultiByte, GetConsoleOutputCP, MapViewOfFileEx, UnmapViewOfFile, GetStringTypeExW, SetEvent, GetCurrentProcessorNumber, GlobalMemoryStatusEx, CreateIoCompletionPort, PostQueuedCompletionStatus, SleepEx, GetQueuedCompletionStatus, InterlockedPopEntrySList, GetCurrentProcessorNumberEx, ExitProcess, CreateMemoryResourceNotification, GetProcessAffinityMask, SetThreadIdealProcessorEx, GetThreadIdealProcessorEx, GetLargePageMinimum, VirtualUnlock, ResetWriteWatch, GetWriteWatch, GetLogicalProcessorInformation, SetThreadGroupAffinity, SetThreadAffinityMask, IsProcessInJob, QueryInformationJobObject, K32GetProcessMemoryInfo, VirtualAlloc, VirtualFree, VirtualProtect, SwitchToThread, CloseThreadpoolTimer, CreateThreadpoolTimer, SetThreadpoolTimer, GetFileSize, GetEnvironmentVariableW, SetEnvironmentVariableW, CreateEventW, ResetEvent, CreateSemaphoreExW, ReleaseSemaphore, CreateMutexW, ReleaseMutex, GetThreadContext, SuspendThread, SetThreadContext, GetEnabledXStateFeatures, InitializeContext, CopyContext, GetSystemDefaultLCID, GetUserDefaultLCID, OutputDebugStringA, RtlUnwind, HeapAlloc, HeapFree, GetProcessHeap, HeapCreate, HeapDestroy, GetEnvironmentStringsW, FreeEnvironmentStringsW, FormatMessageW, GetACP, LCMapStringEx, LocalFree, VerSetConditionMask, VerifyVersionInfoW, IsWow64Process, FindClose, GetModuleFileNameW, FindNextFileW, QueryThreadCycleTime, VirtualAllocExNuma, GetNumaProcessorNodeEx, GetNumaHighestNodeNumber, GetSystemTimes, GetSystemTimeAsFileTime, CreateProcessW, GetCPInfo, LoadLibraryExW, CreateFileW, GetFileAttributesExW, GetTempPathW, GetCurrentDirectoryW, FindFirstFileExW, GetFullPathNameW, OpenProcess, LoadLibraryExA, OpenEventW, ExitThread, HeapReAlloc, CreateNamedPipeA, WaitForMultipleObjects, DisconnectNamedPipe, CreateFileA, CancelIoEx, GetOverlappedResult, ConnectNamedPipe, FlushFileBuffers, CreateFileMappingW, MapViewOfFile, GetActiveProcessorGroupCount, GetSystemTime, SetConsoleCtrlHandler, GetLocaleInfoEx, GetUserDefaultLocaleName, CreateDirectoryW, RemoveDirectoryW, GetFileSizeEx, LoadLibraryA, InitializeCriticalSectionAndSpinCount, AddVectoredExceptionHandler, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetCurrentProcessId, RaiseFailFastException, FreeLibrary, RaiseException, WaitForSingleObject, TlsSetValue, TlsGetValue, GetSystemInfo, ReadProcessMemory, IsDebuggerPresent, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, WriteFile, GetProcessTimes, GetCommandLineW, ReadFile, SetFilePointer, GetProcAddress, GetModuleHandleExW, SetErrorMode, CloseHandle, GetCurrentProcess, FlushProcessWriteBuffers, SetLastError, GetLastError, OutputDebugStringW, SetXStateFeaturesMask, DebugBreak, DecodePointer, GetStringTypeW, IsProcessorFeaturePresent, EncodePointer, TlsFree, InitializeConditionVariable, WakeConditionVariable, WakeAllConditionVariable, SleepConditionVariableCS, SleepConditionVariableSRW, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, InitializeCriticalSectionEx, TryEnterCriticalSection, GetExitCodeThread, CreateFileMappingA
          ADVAPI32.dll | RegGetValueW, SetKernelObjectSecurity, GetSidSubAuthorityCount, GetSidSubAuthority, GetTokenInformation, DeregisterEventSource, ReportEventW, RegisterEventSourceW, RegQueryValueExW, RegOpenKeyExW, RegCloseKey, EventRegister, AdjustTokenPrivileges, OpenProcessToken, LookupPrivilegeValueW, SetThreadToken, RevertToSelf, OpenThreadToken, EventWriteTransfer, EventWrite
          ole32.dll | CoRegisterInitializeSpy, CoInitializeEx, CoCreateGuid, CoTaskMemAlloc, CoRevokeInitializeSpy, CoWaitForMultipleHandles, CoUninitialize, StringFromGUID2, CoTaskMemFree, CoReleaseMarshalData, IIDFromString, CLSIDFromProgID, CoGetMarshalSizeMax, CoMarshalInterface, CoUnmarshalInterface, CreateStreamOnHGlobal, CoGetContextToken, CoGetClassObject, CoCreateFreeThreadedMarshaler, CoGetObjectContext
          OLEAUT32.dll | SafeArrayAllocDescriptorEx, GetRecordInfoFromTypeInfo, SafeArraySetRecordInfo, SafeArrayAllocData, SafeArrayGetElemsize, SysStringByteLen, SysAllocStringByteLen, SafeArrayCreateVector, SafeArrayPutElement, LoadRegTypeLib, CreateErrorInfo, VariantInit, VariantClear, VarCyFromDec, VariantChangeType, SafeArrayGetVartype, LoadTypeLibEx, QueryPathOfRegTypeLib, SafeArrayDestroy, SafeArrayGetLBound, SafeArrayGetDim, SysAllocStringLen, SysStringLen, SysAllocString, SetErrorInfo, GetErrorInfo, SysFreeString, VariantChangeTypeEx
          USER32.dll | LoadStringW, MessageBoxW
          SHELL32.dll | ShellExecuteW
          api-ms-win-crt-string-l1-1-0.dll | tolower, iswascii, towupper, strcspn, strncmp, wcscat_s, _strnicmp, strncpy_s, _stricmp, wcsncmp, iswupper, towlower, isalpha, isdigit, wcstok_s, strcat_s, strtok_s, isspace, _strdup, isupper, wcscpy_s, strcpy_s, _wcsdup, wcsnlen, strlen, strcmp, islower, iswspace, _wcsnicmp, strncat_s, wcsncat_s, __strncnt, _wcsicmp, strnlen, wcsncpy_s
          api-ms-win-crt-stdio-l1-1-0.dll | _set_fmode, fgets, fclose, _wfopen, fgetc, __stdio_common_vswprintf, __stdio_common_vsscanf, __p__commode, fputws, fputwc, __stdio_common_vfwprintf, _get_stream_buffer_pointers, _fseeki64, __stdio_common_vsnwprintf_s, fread, fputs, fsetpos, fopen, __stdio_common_vsnprintf_s, fwrite, __stdio_common_vfprintf, __stdio_common_vswprintf_s, __stdio_common_vsprintf_s, ungetc, __acrt_iob_func, fflush, _wfsopen, _putws, _flushall, setvbuf, _setmode, _dup, _fileno, ftell, fseek, fputc, fgetpos
          api-ms-win-crt-runtime-l1-1-0.dll | _errno, _invalid_parameter_noinfo_noreturn, _wcserror, _initialize_wide_environment, _beginthreadex, terminate, _controlfp_s, _invalid_parameter_noinfo, _register_thread_local_exe_atexit_callback, _c_exit, __p___wargv, __p___argc, abort, exit, _initialize_onexit_table, _register_onexit_function, _crt_atexit, _cexit, _seh_filter_exe, _set_app_type, _exit, _configure_wide_argv, _initterm_e, _get_initial_wide_environment, _initterm
          api-ms-win-crt-convert-l1-1-0.dll | atol, atoi, strtoull, _itow_s, _wtoi, _ltow_s, strtoul, wcstoul, _wcstoui64
          api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode, free, malloc, calloc, realloc
          api-ms-win-crt-utility-l1-1-0.dll | qsort
          api-ms-win-crt-math-l1-1-0.dll | _CIfmod, _CIcosh, _CIatan2, _CItanh, _libm_sse2_log_precise, _libm_sse2_pow_precise, __libm_sse2_acos, __libm_sse2_asin, __libm_sse2_atan, __libm_sse2_atan2, __libm_sse2_cos, log2, __libm_sse2_sin, __libm_sse2_exp, ilogb, cbrt, asinh, asinhf, ilogbf, atanhf, cbrtf, acoshf, log2f, _copysign, _libm_sse2_sin_precise, modf, _libm_sse2_log10_precise, _isnan, _libm_sse2_sqrt_precise, _libm_sse2_tan_precise, ceil, floor, fma, _fdopen, fmaf, __libm_sse2_log, _finite, _CIsinh, __libm_sse2_log10, _libm_sse2_exp_precise, __libm_sse2_pow, _libm_sse2_cos_precise, frexp, __libm_sse2_tan, _libm_sse2_acos_precise, acosh, _libm_sse2_atan_precise, __setusermatherr, atanh, _libm_sse2_asin_precise
          api-ms-win-crt-time-l1-1-0.dll | _time64, wcsftime, _gmtime64_s
          api-ms-win-crt-locale-l1-1-0.dll | setlocale, _configthreadlocale, localeconv, __pctype_func, _lock_locales, _unlock_locales, ___lc_locale_name_func, ___lc_codepage_func, ___mb_cur_max_func
          api-ms-win-crt-filesystem-l1-1-0.dll | _wremove, _wrename, _lock_file, _unlock_file
          Name | Ordinal | Address
          CLRJitAttachState | 3 | 0xa8cd4c
          DotNetRuntimeInfo | 4 | 0xa82578
          MetaDataGetDispenser | 5 | 0x8968b0
          g_CLREngineMetrics | 2 | 0xa81ff0